01-15-2010 01:26 AM - edited 03-11-2019 09:57 AM
Hi
I am using a PIX-515E vers. 6.5 0firewall in my network. However, I want to dynamically filter some URLs such as malicious sites and redirect those URLs to the syslog server or another server. Is it possible? Many thanks in advance.
Best regards
Sfanayei
01-15-2010 05:31 AM
This is not possible.
If you have a Websense server and you configure that as a url-server, then you can run reporting off of that.
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026449
or
If you enable fixup http, then it will automatically send a syslog to the syslog server when people access a website, but this is not possible for SMTP.
Jan 15 2010 08:13:12: %ASA-5-304001: 192.168.2.2 Accessed URL 64.233.169.113:/generate_204
http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1054385
-KS
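As an added example (not part of any reply in this thread), the 304001 records that fixup http sends to the syslog server can be checked there against a watchlist. The function names, the watchlist values, the `%PIX-` prefix handling and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the 304001 message shape shown in the reply above:
#   <timestamp>: %ASA-5-304001: <client> Accessed URL <server>:<path>
# Accepting a %PIX- prefix as well is an assumption for PIX-generated logs.
MSG_304001 = re.compile(
    r"%(?:PIX|ASA)-5-304001:\s+(?P<client>\S+)\s+Accessed\s+URL\s+"
    r"(?P<server>\d{1,3}(?:\.\d{1,3}){3}):(?P<path>\S*)"
)

def parse_304001(line):
    """Return client, server and path from a 304001 line, or None."""
    m = MSG_304001.search(line)
    if not m:
        return None
    try:
        server = ipaddress.ip_address(m.group("server"))
    except ValueError:
        return None  # e.g. an octet above 255 in a corrupted line
    return {"client": m.group("client"), "server": server, "path": m.group("path")}

def find_hits(lines, bad_networks, bad_path_fragments=()):
    """Return parsed records whose server or path is on the watchlist."""
    nets = [ipaddress.ip_network(n) for n in bad_networks]
    hits = []
    for line in lines:
        rec = parse_304001(line)
        if rec is None:
            continue  # not a URL access record
        by_ip = any(rec["server"] in n for n in nets)
        by_path = any(f.lower() in rec["path"].lower() for f in bad_path_fragments)
        if by_ip or by_path:
            rec["reason"] = "server" if by_ip else "path"
            hits.append(rec)
    return hits

# Constructed sample log: the first line is the one quoted in the reply above,
# the others are made up and use documentation address ranges.
SAMPLE = [
    "Jan 15 2010 08:13:12: %ASA-5-304001: 192.168.2.2 Accessed URL 64.233.169.113:/generate_204",
    "Jan 15 2010 08:14:02: %ASA-5-304001: 192.168.2.7 Accessed URL 203.0.113.50:/index.html",
    "Jan 15 2010 08:14:09: %ASA-5-304001: 192.168.2.9 Accessed URL 198.51.100.4:/dl/update.exe",
    "Jan 15 2010 08:14:11: %ASA-6-302013: Built outbound TCP connection (not a URL record)",
]

if __name__ == "__main__":
    for h in find_hits(SAMPLE, ["203.0.113.0/24"], [".exe"]):
        print(h["client"], "->", f'{h["server"]}{h["path"]}', f'({h["reason"]})')
```

This only reports after the fact; as the reply says, the firewall itself does not filter or redirect on these records.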
01-17-2010 06:25 PM
Hello,
That's too much to ask from a PIX 515E (6.x).
What you can use is a Websense 3rd party filtering device (SmartFilter, Websense, etc.) or AIP/CSC SSM modules to do this advanced URL filtering and logging. About blocking SMTP, you can use ACLs on the inside ifc (inbound direction) to allow PORT 25 traffic only to/from your MAIL SERVER and block all other port 25 traffic. By using the keyword log at the end of the 2nd and 3rd ACEs, you are making sure that whenever any host OTHER THAN THE SMTP SERVER tries to send/receive emails, a log will be generated in your SYSLOG SERVER (assuming you have one set up).
Access-list SMTP_BLOCK extended permit tcp host x.x.x.x any eq 25
Access-list SMTP_BLOCK extended deny tcp any eq 25 any log
Access-list SMTP_BLOCK extended deny tcp any any eq 25 log
Access-list SMTP_BLOCK extended permit ip any any
access-group SMTP_BLOCK in interface inside
HTH
Vijaya