How to filter http, smtp in PIX-515E firewall?

Unanswered Question
Jan 15th, 2010

Hi


I am using a PIX-515E vers. 6.5 0 firewall in my network. However, I want to dynamically filter some URLs, such as malicious sites, and redirect those URLs to the syslog server or another server. Is it possible? Many thanks in advance.


Best regards

Sfanayei

Kureli Sankar Fri, 01/15/2010 - 05:31

This is not possible.


If you have a Websense server and you configure that as a url-server, then you can run reporting off of that.


http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026449


or


If you enable fixup http, then it will automatically send a syslog to the syslog server when people access a website, but this is not possible for SMTP.


Jan 15 2010 08:13:12: %ASA-5-304001: 192.168.2.2 Accessed URL 64.233.169.113:/generate_204


http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1054385



-KS
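The 304001 message above is the hook a syslog-side filter can use: this added example (not from this thread or from Cisco) parses those "Accessed URL" lines and flags clients that reached servers on a blocklist. It assumes the blocklist is kept by server IP or CIDR, because the firewall logs the server address rather than a hostname; the log lines and blocklist are constructed.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Matches the "Accessed URL" message; PIX 6.x tags syslogs %PIX-, ASA tags them %ASA-.
URL_RE = re.compile(
    r"%(?:ASA|PIX)-\d-304001: (?P<client>\d{1,3}(?:\.\d{1,3}){3}) Accessed URL "
    r"(?P<server>\d{1,3}(?:\.\d{1,3}){3}):(?P<path>\S*)"
)

class UrlAccess(NamedTuple):
    timestamp: str
    client: str
    server: str
    path: str

def parse_304001(line: str) -> Optional[UrlAccess]:
    """Return the client, server and path from a 304001 line, or None for any other message."""
    m = URL_RE.search(line)
    if not m:
        return None
    timestamp = line.split(": %", 1)[0]          # text before the first "%PIX"/"%ASA" tag
    return UrlAccess(timestamp, m["client"], m["server"], m["path"])

def find_blocked(log_text: str, blocklist: List[str]) -> List[UrlAccess]:
    """Return every URL access whose server falls inside one of the blocklisted IPs/networks."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    hits = []
    for line in log_text.splitlines():
        rec = parse_304001(line)
        if rec is None:                            # not a 304001 message, e.g. a connection log
            continue
        if any(ipaddress.ip_address(rec.server) in net for net in nets):
            hits.append(rec)
    return hits

# Constructed sample syslog output in the format shown above (addresses and paths are made up).
SAMPLE_LOG = """\
Jan 15 2010 08:13:12: %ASA-5-304001: 192.168.2.2 Accessed URL 64.233.169.113:/generate_204
Jan 15 2010 08:13:15: %ASA-5-304001: 192.168.2.7 Accessed URL 203.0.113.10:/dl/update.exe
Jan 15 2010 08:13:20: %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.10/80 to inside:192.168.2.7/51000
Jan 15 2010 08:13:21: %ASA-5-304001: 192.168.2.9 Accessed URL 198.51.100.5:/index.html
"""
BLOCKLIST = ["203.0.113.10", "198.51.100.0/24"]   # constructed: one host, one network

if __name__ == "__main__":
    for hit in find_blocked(SAMPLE_LOG, BLOCKLIST):
        print(f"{hit.timestamp} client {hit.client} reached blocked {hit.server}{hit.path}")
```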

vilaxmi Sun, 01/17/2010 - 18:25

Hello,


That's too much to ask from a PIX 515E (6.x).

What you can use is a third-party filtering device (SmartFilter, Websense, etc.) or AIP/CSC SSM modules to do this advanced URL filtering and logging. About blocking SMTP, you can use ACLs on the inside interface (inbound direction) to allow port 25 traffic only to/from your MAIL SERVER and block all other port 25 traffic. By using the keyword log at the end of the 2nd and 3rd ACEs, you are making sure that whenever any host OTHER THAN THE SMTP SERVER tries to send/receive emails, a log will be generated on your SYSLOG SERVER (assuming you have one set up).


access-list SMTP_BLOCK permit tcp host x.x.x.x any eq 25
access-list SMTP_BLOCK deny tcp any eq 25 any log
access-list SMTP_BLOCK deny tcp any any eq 25 log
access-list SMTP_BLOCK permit ip any any


access-group SMTP_BLOCK in interface inside


HTH


Vijaya
