To block particular sites in Firewall - Gmail, Yahoo, Hotmail, Rediff

Jigar Dave
Level 3

Hi Group Members,

Greetings of the Day !!!

How can I deny users access to the above mentioned sites?

Actually, in our organisation the link is choked due to this kind of links. We have a squid proxy server in the DC (DataCentre) in which this rule is already applied, but if I want to apply this rule via the 525 PIX FW, then where would it be applied?

My scenario:

In LAN interface - 10.200.10.0/16

DMZ interface - 172.16.10.1/24

Outside interface - 192.168.100.1/24

Where do I have to put the rule/commands so that I can deny this traffic?

Please suggest.

Thanks in Advance.

Jigar K Dave

4 Replies

secureIT
Level 4

Hi,

If you know the public IPs for the respective sites, you can block them.

Let's say Yahoo is 68.180.206.184.

If you want the LAN users not to access the Yahoo site, the ACL would be like this:

access-list yahoo_acl extended deny tcp 10.200.20.0 255.255.255.0 host 68.180.206.184 eq www

access-group yahoo_acl in interface inside

Basically, in PIX firewalls, we cannot have content filters.

Regards

Rajesh P

Rajesh,

The previous post is misleading, and only relates to code version 7.0 and below for the PIX/ASA.

In version 7.2.x and above you can block on URL without having to use the IP address or whole class B/C subnets; see the links below:

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940c5a.shtml

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940e04.shtml

HTH
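Added example, not taken from this thread or from the linked Cisco pages: the Modular Policy Framework configuration that PIX/ASA 7.2 and later use to match the HTTP Host header against a regex list and reset matching connections, which is what lets the block follow the domain name rather than changing IP addresses. The regex patterns, the class-map and policy-map names, and the assumption that users reach the sites over cleartext HTTP on port 80 are mine.

```cisco
! One regex per domain to block (patterns are constructed for this example)
regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.hotmail\.com"
regex domainlist3 "\.rediff\.com"

! Group the patterns so one class matches any of them
class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3

! Match HTTP requests whose Host header hits the regex group
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList

! HTTP inspection policy: reset and log connections in the blocked class
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 class BlockDomainsClass
  reset log

! Select the traffic to inspect: TCP port 80 from the inside segment
class-map httptraffic
 match port tcp eq www

! Apply the HTTP inspection to that traffic
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy

! Attach the policy on the interface facing the LAN users
service-policy inside-policy interface inside
```

The `inspect http` engine only parses cleartext HTTP on the matched port, so HTTPS sessions to the same sites are not matched by this policy and need a separate control (for example the existing squid proxy).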

Hi Rajesh,

But as I know, the IPs of these public servers are constantly changed after a particular time, so in this situation this feature will not work.

Your suggestion is needed on this.

Jigar

I agree with your point that IPs will keep changing.

I do not know which version the firewall is running. If he has PDM installed in the PIX, maybe he can achieve this.

But he has to make sure that it's running 7.2 or higher.

I would suggest him to use PDM/ASDM rather than the CLI, as it requires a lot of patience and moreover is confusing.

Let's see the result.

Regards

Rajesh P
