12-27-2005 01:21 PM - edited 02-21-2020 12:36 AM
Hello all,
I am fairly new to the PIX admin team but have what seems to be a strange problem. Our PIXs are set up to perform an explicit deny to all WWW traffic from our retail stores minus exceptions. We had a rule to allow our pharmacies to visit The Center for Disease Control (www.cdc.gov) but over the last few weeks the rule no longer works. If you perform a lookup on www.cdc.gov, it responds with a DCS address (*.mirror-image.net). How can I create a rule on the PIX using this information which will allow HTTP traffic to www.cdc.gov?
12-27-2005 03:25 PM
Without third-party web filter software, such as Websense, the PIX can only filter traffic by IP address.
I did an nslookup:
Name: prpx.service.mirror-image.net
Address: 128.242.107.120
Aliases: www.cdc.gov
I guess the ACL should look like:
access-list outbound permit tcp any host 128.242.107.120 eq 80
access-list outbound deny tcp any any eq 80
access-list outbound
12-28-2005 07:59 AM
There lies the problem...
While the lookup returns that IP, the DCS does not necessarily respond and forward the HTTP request. I figured as much that we'd have to use a content filtering solution such as Websense or Fortinet.
Thanks for the response Jackko
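An added example, not part of the thread: a small Python check that compares the host IPs pinned in a PIX ACL with the A records seen over several lookups, which shows why a single pinned address stops matching a hostname served from a mirror network. The ACL lines are the ones posted above; the lookup results, the function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
import re

# Matches the host-based permit form used in the thread, e.g.
#   access-list outbound permit tcp any host 128.242.107.120 eq 80
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+tcp\s+any\s+host\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+eq\s+(?P<port>\S+)\s*$"
)
PORT_ALIASES = {"www": 80, "http": 80}  # PIX displays port 80 as "www"


def permitted_hosts(config_text, acl_name, port=80):
    """Return the set of host IPs the named ACL permits on the given TCP port."""
    hosts = set()
    for line in config_text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group("name") != acl_name:
            continue
        raw = m.group("port")
        acl_port = PORT_ALIASES.get(raw, int(raw) if raw.isdigit() else None)
        if acl_port == port:
            hosts.add(ipaddress.ip_address(m.group("ip")))
    return hosts


def acl_drift(config_text, acl_name, observed_answers, port=80):
    """Compare pinned ACL hosts with A records seen over several lookups."""
    pinned = permitted_hosts(config_text, acl_name, port)
    seen = {ipaddress.ip_address(a) for answers in observed_answers for a in answers}
    return {
        "blocked": sorted(seen - pinned),  # addresses clients resolve but the ACL drops
        "stale": sorted(pinned - seen),    # permitted IPs no longer in DNS answers
    }


# Constructed sample data: the ACL from the thread, plus made-up lookup results
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges, not real mirror nodes).
CONFIG = """\
access-list outbound permit tcp any host 128.242.107.120 eq 80
access-list outbound deny tcp any any eq 80
"""
LOOKUPS = [["128.242.107.120"], ["192.0.2.10", "198.51.100.7"], ["192.0.2.10"]]

if __name__ == "__main__":
    for kind, addrs in acl_drift(CONFIG, "outbound", LOOKUPS).items():
        print(kind, [str(a) for a in addrs])
```

Any address reported as "blocked" is one a store client could be handed by DNS and then have dropped by the deny rule, which is the reason the thread ends up at hostname-aware content filtering.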