Block certain websites using Cisco PIX

Posted on 2007-07-22
Medium Priority
Last Modified: 2012-06-27

How can I block certain websites using Cisco PIX? I know it can be integrated with Websense and all. I am in the process of getting one, but in the meantime I need an option to block certain websites using the IP address. For example, if www.yahoo.com IP address is, I should be able to block any connection to using my PIX.

Please can someone tell me how to do it?

My version is Cisco PIX Firewall Version 6.3(5)


Question by:qman2007
LVL 20

Accepted Solution

calvinetter earned 500 total points
ID: 19542704
access-list outbound deny ip any host
access-list outbound permit ip any any
access-group outbound in interface inside

LVL 25

Assisted Solution

Cyclops3590 earned 500 total points
ID: 19543067
This is what I do for banned-servers, which is a small twist on calvinetter's ACLs:

object-group network banned-servers
 network-object host
access-list outbound deny ip any object-group banned-servers
access-list outbound permit ip any any
access-group outbound in interface inside

Has the exact same effect as calvinetter's ACL, but if you need to add one or take an IP away you don't have to mess with the ACLs. It honestly doesn't matter which way you go, just wanted to let you know about object-groups and how they can help keep your ACL section nice and tidy :)
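Added example, not part of the original thread: a Python sketch of the maintenance workflow this answer describes, where only the members of the `banned-servers` object-group change and the `outbound` ACL lines are never touched. The helper names, the one-space indentation of the sample config and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
import re

GROUP = "banned-servers"  # object-group name used in the answer above

def parse_group(config: str, group: str = GROUP) -> set:
    """Return the host IPs listed under `object-group network <group>`."""
    hosts, inside = set(), False
    for line in config.splitlines():
        if not line.startswith((" ", "\t")):  # top-level command ends any group
            inside = line.split() == ["object-group", "network", group]
            continue
        m = re.fullmatch(r"network-object host (\S+)", line.strip())
        if inside and m:
            hosts.add(str(ipaddress.IPv4Address(m.group(1))))
    return hosts

def plan_changes(config: str, wanted, group: str = GROUP) -> list:
    """Commands that make the group match `wanted`; ACL lines stay untouched."""
    # IPv4Address raises ValueError on a mistyped address before anything is emitted.
    target = {str(ipaddress.IPv4Address(ip)) for ip in wanted}
    current = parse_group(config, group)
    key = lambda ip: int(ipaddress.IPv4Address(ip))  # numeric, not string, order
    cmds = [f" network-object host {ip}" for ip in sorted(target - current, key=key)]
    cmds += [f" no network-object host {ip}" for ip in sorted(current - target, key=key)]
    return [f"object-group network {group}"] + cmds if cmds else []

# Constructed sample config; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_CONFIG = """\
object-group network banned-servers
 network-object host 192.0.2.10
 network-object host 192.0.2.20
access-list outbound deny ip any object-group banned-servers
access-list outbound permit ip any any
access-group outbound in interface inside
"""

if __name__ == "__main__":
    # Desired ban list: keep .10, drop .20, add 198.51.100.7.
    for cmd in plan_changes(SAMPLE_CONFIG, ["192.0.2.10", "198.51.100.7"]):
        print(cmd)
```

The emitted lines are what would be typed in configuration mode; an empty result means the group already matches the desired list.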
LVL 79

Assisted Solution

lrmoore earned 500 total points
ID: 19543164
I'd go with the object groups, too. Makes it so easy to add/remove any particular host from the banned list.

If you're really serious about access control, you might want to look at something like the iPrism appliance:

LVL 20

Expert Comment

ID: 19549333
Yep object-groups are nice, just wanted to keep it simple since the asker didn't seem to know how to do basic ACL filtering.

qman2007 - if you only need to block that 1 site, you can use my example.  Otherwise if you're probably going to end up blocking many sites, you could either just add another line to my ACL example, or do as Cyclops suggests.


Author Comment

ID: 19553558
Hi All,

Thanks for the replies. Will try out a few things and let you know.


LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 19554076
Or if you are thinking of an upgrade, the Cisco 5510 can now be fitted with an optional Content Security Module - which has built-in Trend Micro Web filtering - the annual licence fee for that may be considerably less than Websense - and it's relatively easy to set up and configure :)


Expert Comment

ID: 20106182
Forced accept.

EE Admin
