I have a Catalyst 6500 in my network, with a topology like this:
Users (many VLANs) ---> Catalyst6500 ---> SquidProxy ---> Internet
Many users have been infected by a virus; there are many requests to sites that do not really exist on the Internet (e.g. winibm.com, ...), and that causes the Squid proxy to go out of service (down).
I want to block these requests on the Cat6500 so I use IP INSPECT feature, in the following link:
But it does not seem to work as I expected: the users' Internet access is very slow, and sometimes the Squid proxy goes down again.
My question is:
Is there any feature in Catalyst 6500 that solve the problem?
If not, which module or line card can I add to the Catalyst 6500 to solve this thoroughly?
The Catalyst 6500 uses:
- IOS: s72033-ipservicesk9-mz.122-18.SXF6.bin
- CEF720 24 port 1000mb SFP WS-X6724-SFP
- 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX
- Supervisor Engine 720 WS-SUP720-3B
My config is:
ip inspect max-incomplete high 1200
ip inspect max-incomplete low 1000
ip inspect one-minute low 300
ip inspect one-minute high 400
ip inspect tcp max-incomplete host 50 block-time 10
ip inspect name DDOS http
ip inspect name DDOS tcp
description ### To Squid Proxy ###
ip inspect DDOS out
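The switch-side inspection thresholds above only limit half-open TCP sessions; the infected hosts are still identifiable from the proxy's own logs. As an added example (not part of the original post or of any Cisco or Squid tooling), the script below parses Squid's native access.log format, counts per-client requests that fail at the proxy (HTTP 502/503/504, which is what an unresolvable hostname produces), and flags clients whose traffic is dominated by such failures so they can be isolated at the access VLAN. The log lines are constructed for the example; winibm.com is the hostname from the post, the other hostnames and addresses are placeholders, and the thresholds are assumptions to tune for your network.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not taken
# from the original post):
#   timestamp elapsed client code/status bytes method URL ident hierarchy/peer type
# winibm.com is the hostname the post mentions; the others are placeholders.
SAMPLE_LOG = """\
1261234567.101 120 10.1.2.3 TCP_MISS/503 1420 GET http://winibm.com/ - NONE/- text/html
1261234567.205 118 10.1.2.3 TCP_MISS/503 1420 GET http://winibm.com/cgi-bin/in.cgi - NONE/- text/html
1261234567.310 25 10.1.2.9 TCP_HIT/200 5120 GET http://intranet.example/ - NONE/- text/html
1261234567.402 121 10.1.2.3 TCP_MISS/503 1420 CONNECT winibm.com:443 - NONE/- -
1261234567.511 119 10.1.2.5 TCP_MISS/503 1420 GET http://bad-host.invalid/ - NONE/- text/html
1261234567.620 30 10.1.2.3 TCP_MISS/200 8800 GET http://intranet.example/news - DIRECT/192.0.2.10 text/html
1261234567.701 117 10.1.2.3 TCP_MISS/503 1420 GET http://winibm.com/ - NONE/- text/html
1261234567.803 28 10.1.2.5 TCP_HIT/200 5120 GET http://intranet.example/ - NONE/- text/html
1261234567.904 120 10.1.2.5 TCP_MISS/503 1420 GET http://bad-host.invalid/ - NONE/- text/html
1261234568.010 27 10.1.2.9 TCP_HIT/200 5120 GET http://intranet.example/ - NONE/- text/html
1261234568.115 29 10.1.2.5 TCP_HIT/200 5120 GET http://intranet.example/ - NONE/- text/html
1261234568.220 26 10.1.2.9 TCP_HIT/200 5120 GET http://intranet.example/ - NONE/- text/html
"""

# One regex for the native format; "code/status" is split so the HTTP status
# can be compared numerically.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

# Statuses Squid returns when it cannot reach or resolve the origin.
FAIL_STATUSES = frozenset({502, 503, 504})


def host_of(url):
    """Return the lowercase hostname for a GET-style URL or a CONNECT host:port."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()


def parse_line(line):
    """Parse one access.log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["host"] = host_of(rec["url"])
    return rec


def analyze(log_text, fail_statuses=FAIL_STATUSES):
    """Return (failing hosts per client, total requests per client)."""
    failing = defaultdict(Counter)
    totals = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole run
        totals[rec["client"]] += 1
        if rec["status"] in fail_statuses:
            failing[rec["client"]][rec["host"]] += 1
    return failing, totals


def flag_clients(log_text, min_failures=3, min_ratio=0.5):
    """Clients with at least min_failures failed requests making up at least
    min_ratio of their traffic, sorted by failure count (highest first).
    Each entry is (client, failures, total_requests, top failing hosts)."""
    failing, totals = analyze(log_text)
    flagged = []
    for client, hosts in failing.items():
        failures = sum(hosts.values())
        if failures >= min_failures and failures / totals[client] >= min_ratio:
            flagged.append((client, failures, totals[client], hosts.most_common(3)))
    flagged.sort(key=lambda entry: -entry[1])
    return flagged


if __name__ == "__main__":
    for client, failures, total, hosts in flag_clients(SAMPLE_LOG):
        print(f"{client}: {failures}/{total} failed requests, top hosts {hosts}")
```

Run it against a real access.log by replacing SAMPLE_LOG with the file contents; the flagged source addresses map back to user VLANs on the 6500, where a port or VLAN ACL on the infected hosts stops the flood before it reaches the proxy, instead of rate-limiting everyone with the inspect thresholds.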