Solved

Blocking chat or website in PIX

Posted on 2006-11-22
Last Modified: 2013-11-16
Hi,
Can I block chat like Yahoo chat or Hotmail chat in the PIX 525?
Can I block a website like www.oil.com, or any website I want, in the PIX 525?

Thanks
0
Question by:nasemabdullaa
10 Comments
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17995932
I don't think that's possible within the PIX firewall.

Short term - The quickest way is to modify your DNS internally to have a zone entry for 'oil.com' pointing the request to a private IP scheme.

Long term - You may want to look at some web blocking software.

Ira @ KVR
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17995991
Does the PIX 525 not allow you to block the ports normally used?



0
 

Author Comment

by:nasemabdullaa
ID: 17996050
Hi,
Thanks for your reply.
>>>You may want to look at some web blocking software.
Can you give me some titles for this program?

>>>Does the pix 525 not allow you to block the ports normally used
How can I block ports?

Thanks
0

 
LVL 16

Assisted Solution

by:AdamRobinson
AdamRobinson earned 25 total points
ID: 17996202
Not familiar with the Pix 525 myself, I was just assuming it had to be possible to block ports/websites, else I can't see what good it's worth dynamically.  But see this link:

http://www.velocityreviews.com/forums/t34557-pix-howto-restricting-ports-used-for-pat.html
0
 
LVL 7

Assisted Solution

by:killbrad
killbrad earned 25 total points
ID: 17996208
I don't think you can restrict a domain name in the PIX, only IP addresses.
For content filtering, use Squid Proxy w/ DansGuardian:

http://www.squid-cache.org/
http://dansguardian.org/
0
 

Author Comment

by:nasemabdullaa
ID: 17996314
Hi,
Thanks for your reply.
I want a web filter for Windows Server 2003.

Thanks
0
 
LVL 1

Expert Comment

by:rpone605
ID: 17996713
It is possible to block ports in the PIX with access lists.
0
 
LVL 8

Assisted Solution

by:caddlady
caddlady earned 50 total points
ID: 18000224
0
 
LVL 5

Accepted Solution

by:
drawlin earned 150 total points
ID: 18000799
The PIX will block outgoing just as it will incoming traffic. By default, most people only create an access-list for inbound traffic and all outbound is allowed. You can create an access-list for outbound traffic, but be warned that you must make an entry for every allowed outgoing connection type. Meaning, once you make the outbound access-list, you must make entries for http, https, ftp, smtp, pop, etc. If your boss uses some program that talks on UDP port 5342, then you have to make an entry for that as well.

In other words, it's possible but also labor intensive.  However, once you have the access-list created based on your company policy, you will be much more secure than you were not having an outbound access-list.  One huge payoff to having this access-list is that if a client gets some malware that talks on IRC or some higher port, it gets blocked.

As far as blocking a website, you can nslookup www.oil.com (195.149.84.100) to get the IP, then make an entry in the PIX:
access-list inbound deny ip host 195.149.84.100 any

So it's possible, but you may not want to spend the time required to make all the access-list rules and may opt for something with a content filtering subscription.
0
 
LVL 7

Expert Comment

by:killbrad
ID: 18014770
It is important to remember that millions of websites are multi-homed (which means many servers, using several different IP addresses, are load balanced), and that websites can (and often do) change their IP addresses. This is quite a task to keep up once you get more than a couple of sites set up in the PIX using IP addresses.
0
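
The upkeep problem raised in the accepted answer and in the follow-up about multi-homed sites, as an added example that is not code from any poster in this thread: a Python helper that turns repeated DNS lookups for a blocked site into the PIX access-list changes needed to keep an IP-based block current. It ignores answers from an internal DNS override and keeps an address blocked until several lookups in a row omit it. The ACL name `outbound`, its binding to the inside interface, the `line 1` placement, the three-miss policy and every sample address except 195.149.84.100 are assumptions.

```python
import ipaddress

ACL = "outbound"    # assumed ACL name, bound with: access-group outbound in interface inside
MAX_MISSES = 3      # assumed policy: drop an address after 3 lookups that omit it
# Answers in these ranges come from an internal zone override, not from the real site.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def usable(answers):
    """Return the well-formed, non-internal IPv4 addresses among DNS answers."""
    keep = set()
    for text in answers:
        try:
            ip = ipaddress.IPv4Address(text.strip())
        except ValueError:
            continue                       # AAAA records, CNAME names, garbage
        if not any(ip in net for net in INTERNAL):
            keep.add(str(ip))
    return keep

def update(state, answers):
    """state maps blocked ip -> lookups in a row without it; returns (state, commands)."""
    seen = usable(answers)
    if not seen:                           # failed or overridden lookup: change nothing
        return dict(state), []
    new_state, commands = {}, []
    for ip in sorted(seen | set(state), key=ipaddress.IPv4Address):
        rule = f"deny ip any host {ip}"    # destination is the site address
        if ip in seen:
            if ip not in state:
                # "line 1" keeps the deny ahead of the permit entries (assumes a
                # PIX OS release whose access-list command accepts the line keyword).
                commands.append(f"access-list {ACL} line 1 {rule}")
            new_state[ip] = 0
        elif state[ip] + 1 >= MAX_MISSES:
            commands.append(f"no access-list {ACL} {rule}")
        else:
            new_state[ip] = state[ip] + 1  # still blocked; may only be rotated out
    return new_state, commands

if __name__ == "__main__":
    # Constructed lookup results; only 195.149.84.100 appears in the thread.
    state = {}
    for answers in (["195.149.84.100"], ["195.149.84.100", "203.0.113.7"],
                    ["10.1.1.1"], ["203.0.113.7"]):
        state, commands = update(state, answers)
        print(commands or "no change")
```

Run it on a schedule with the A records from a resolver that does not carry the internal override, and review the emitted commands before pasting them into the firewall.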

Question has a verified solution.