To Block particular site in Firewall - Gmail, Yahoo, Hotmail, Rediff

Unanswered Question
Aug 5th, 2008

Hi Group Members,

Greetings of the Day !!!

How can I deny users access to the above-mentioned sites?

Actually, in our organisation the link is choked due to these kinds of links. We have a Squid proxy server in the DC (DataCentre) in which this rule is already applied, but if I want to apply this rule via the 525 PIX FW, where would it be applied?

My scenario:

In LAN interface - 10.200.10.0/16

DMZ interface - 172.16.10.1/24

Outside interface - 192.168.100.1/24


Where do I have to put the rule/commands so that I can deny this traffic?


Please suggest.


Thanks in Advance.

Jigar K Dave

Sec IT Wed, 08/06/2008 - 01:59

Hi,


If you know the public IPs for the respective sites, you can block them.


Let's say Yahoo is 68.180.206.184.

If you want the LAN users not to access the Yahoo site, the ACL would be like this:


access-list yahoo_acl extended deny tcp 10.200.20.0 255.255.255.0 host 68.180.206.184 eq www

access-list yahoo_acl extended permit ip any any


access-group yahoo_acl in interface inside



Basically, in PIX firewalls, we cannot have content filters.


Regards

Rajesh P

Jigar Dave Wed, 08/06/2008 - 02:05

Hi Rajesh,

But as far as I know, the IPs of these public servers change constantly after a particular time, so in this situation this feature will not work.

Your suggestion is needed on this.


Jigar

Sec IT Wed, 08/06/2008 - 02:38

I agree with your point that the IPs will keep changing.


I do not know which version the firewall is running. If he has PDM installed on the PIX, he might be able to achieve this.


But he has to make sure that it's running 7.2 or higher.


I would suggest that he use PDM/ASDM rather than the CLI, as it requires a lot of patience and, moreover, is confusing.


Let's see the result.


Regards

Rajesh P
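
The IP-based ACL approach and the changing-IP problem raised in this thread, as an added example (not code from any poster): a Python sketch that builds the ACL from a hostname-to-IP snapshot and emits the commands needed when the addresses change. The snapshots are constructed sample data, the function names are hypothetical, and the ACL name and interface are the ones used in the reply above; `eq www` covers only TCP port 80.

```python
import ipaddress

# Constructed sample data (not live DNS): hostname -> A records at two points in time.
# 68.180.206.184 is the address quoted in the thread; 203.0.113.x is a documentation range.
OLD = {"www.yahoo.com": ["68.180.206.184"]}
NEW = {"www.yahoo.com": ["203.0.113.10", "203.0.113.11"]}


def source_spec(lan_cidr):
    """Convert CIDR to the 'network netmask' form PIX ACLs use (host bits are dropped)."""
    net = ipaddress.ip_network(lan_cidr, strict=False)
    return f"{net.network_address} {net.netmask}"


def deny_lines(name, lan_cidr, snapshot):
    """One deny ACE per unique destination IP, sorted numerically for stable output."""
    ips = sorted({ipaddress.ip_address(a) for addrs in snapshot.values() for a in addrs})
    src = source_spec(lan_cidr)
    return [f"access-list {name} extended deny tcp {src} host {ip} eq www" for ip in ips]


def full_config(name, lan_cidr, snapshot, iface="inside"):
    """Complete ACL: denies first, then an explicit permit, then the interface binding.
    Without the permit, the implicit deny at the end of the ACL drops all other traffic."""
    return deny_lines(name, lan_cidr, snapshot) + [
        f"access-list {name} extended permit ip any any",
        f"access-group {name} in interface {iface}",
    ]


def update_commands(name, lan_cidr, old, new):
    """Commands that move a deployed ACL from the old snapshot to the new one.
    New denies use 'line 1' so they land above the existing 'permit ip any any'."""
    before, after = deny_lines(name, lan_cidr, old), deny_lines(name, lan_cidr, new)
    add = [l.replace(f"access-list {name} ", f"access-list {name} line 1 ", 1)
           for l in after if l not in before]
    drop = ["no " + l for l in before if l not in after]
    return add + drop


if __name__ == "__main__":
    print("\n".join(full_config("yahoo_acl", "10.200.10.0/16", OLD)))
    print("\n".join(update_commands("yahoo_acl", "10.200.10.0/16", OLD, NEW)))
```

Between two snapshot runs the ACL still matches only the old addresses, which is the gap pointed out in the thread.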
