03-27-2007 02:02 PM - edited 03-11-2019 02:52 AM
I want to redirect all inside to outside http requests (except the proxy server) to be sent to an internal web server which will state that the proxy is not set up and to contact IS. We have a PIX 525 firewall which I would like to put the redirection on.
Any suggestions? Thanks!
03-27-2007 11:23 PM
I think you are trying to get all your users to talk to the proxy server for http or https access. What you need to do is a simple access list on your inside interface.
Sample could be like this:
access-list inside1_outside extended permit tcp host
access-list inside1_outside extended permit tcp host
access-list inside1_outside extended permit udp any any eq domain
access-list inside1_outside extended permit icmp any any
access-list inside1_outside extended permit tcp any any eq domain
You're opening up http and https traffic to be allowed only from your proxy server. For dns you could be more specific with your access-list.
After this all the users will be denied access to the web unless they choose to redirect their traffic to the proxy server.
On the users web browser (IE) go to tools --> Internet Options --> Connections --> Lan setting --> Set up the proxy server configuration.
HTH
Hoogen
Do rate if this helps ;)
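The effect of the ACL described in the reply above can be checked offline before it goes on the firewall. This is an added example, not part of the original thread: the proxy address 192.0.2.10, the destination `any eq www` / `any eq https` on the first two lines, and the helper names are assumptions, and only the `any`, `host` and `eq` forms are modelled.

```python
import ipaddress

# Constructed sample in the thread's ACL syntax. 192.0.2.10 is a placeholder
# for the proxy server; the thread does not give the real address.
ACL = """\
access-list inside1_outside extended permit tcp host 192.0.2.10 any eq www
access-list inside1_outside extended permit tcp host 192.0.2.10 any eq https
access-list inside1_outside extended permit udp any any eq domain
access-list inside1_outside extended permit icmp any any
access-list inside1_outside extended permit tcp any any eq domain
"""
PORTS = {"www": 80, "https": 443, "domain": 53}  # PIX port keywords used above


def take_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the token list; None means any."""
    word = tok.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tok.pop(0))
    raise ValueError(f"address form not modelled: {word}")


def parse(text):
    """Turn 'access-list NAME extended ...' lines into ordered rule tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        action, proto, rest = tok[3], tok[4], tok[5:]
        src, dst = take_addr(rest), take_addr(rest)
        port = int(PORTS.get(rest[1], rest[1])) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules


def decide(rules, proto, src, dst, port=None):
    """First matching rule wins; traffic matching no rule is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, port)):
            return action
    return "deny"


RULES = parse(ACL)
```

On the PIX the list only filters traffic once it is bound to the inside interface with `access-group`.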
03-28-2007 03:47 PM
The PIX does not have a way of redirecting the outbound traffic to the server you choose.
As Hoogen indicated, you can write ACLs to block the traffic, but there isn't a way to redirect the users to a web server where they can read the corporate policy of using the proxy-server.
David.