
New Member

How to filter http, smtp in PIX-515E firewall?

Hi

I am using a PIX-515E version 6.5 firewall in my network. However, I want to dynamically filter some URLs, such as malicious sites, and redirect those URLs to the syslog server or another server. Is it possible? Many thanks in advance.

Best regards

Sfanayei

2 REPLIES
Cisco Employee

Re: How to filter http, smtp in PIX-515E firewall?

This is not possible.

If you have a Websense server and configure it as a url-server, you can run reporting off of that.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026449

or

If you enable fixup http, it will automatically send a syslog message to the syslog server when people access a website, but this is not possible for SMTP.

Jan 15 2010 08:13:12: %ASA-5-304001: 192.168.2.2 Accessed URL 64.233.169.113:/generate_204

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1054385

-KS

Cisco Employee

Re: How to filter http, smtp in PIX-515E firewall?

Hello,

That's too much to ask from a PIX 515E (6.x).

What you can use is a 3rd-party filtering device (SmartFilter, Websense, etc.) or AIP/CSC SSM modules to do this advanced URL filtering and logging. About blocking SMTP, you can use ACLs on the inside ifc (inbound direction) to allow port 25 traffic only to/from your MAIL SERVER and block all other port 25 traffic. By using the keyword log at the end of the 2nd and 3rd ACEs, you are making sure that whenever any host OTHER THAN THE SMTP SERVER tries to send/receive emails, a log will be generated in your SYSLOG SERVER (assuming you have one set up).

access-list SMTP_BLOCK remark PIX 6.x syntax (no "extended" keyword); x.x.x.x is the inside mail server
access-list SMTP_BLOCK permit tcp host x.x.x.x any eq 25
access-list SMTP_BLOCK remark log any other inside host opening a connection to, or from, port 25
access-list SMTP_BLOCK deny tcp any any eq 25 log
access-list SMTP_BLOCK deny tcp any eq 25 any log
access-list SMTP_BLOCK permit ip any any
access-group SMTP_BLOCK in interface inside

HTH

Vijaya
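As an added example (not from either reply), a small Python parser for the 304001 "Accessed URL" lines quoted in the first reply and for the 106023 ACL-deny lines that the log keyword in the second reply's ACL produces, which is the data a syslog server would actually receive from either approach. The sample log, the watchlist and the mail-server address are constructed, and the 106023 message format is assumed rather than quoted in this thread.

```python
import re

# Constructed sample lines. The 304001 "Accessed URL" format is the one quoted in the
# first reply; the 106023 "Deny ... by access-group" format is what an ACE carrying the
# "log" keyword emits (assumed format, not quoted in this thread).
SAMPLE_LOG = """\
Jan 15 2010 08:13:12: %ASA-5-304001: 192.168.2.2 Accessed URL 64.233.169.113:/generate_204
Jan 15 2010 08:14:03: %ASA-5-304001: 192.168.2.7 Accessed URL 203.0.113.9:/login.php
Jan 15 2010 08:15:41: %ASA-4-106023: Deny tcp src inside:192.168.2.7/3456 dst outside:198.51.100.25/25 by access-group "SMTP_BLOCK" [0x0, 0x0]
Jan 15 2010 08:16:02: %ASA-4-106023: Deny tcp src inside:192.168.2.9/3457 dst outside:198.51.100.26/25 by access-group "SMTP_BLOCK" [0x0, 0x0]
"""

# Hypothetical watchlist of web servers the admin considers malicious (constructed).
WATCHLIST = {"203.0.113.9"}
# Hypothetical inside mail server (the x.x.x.x of the ACL's first ACE).
MAIL_SERVER = "192.168.2.10"

# PIX 6.x prefixes messages with %PIX-, later code with %ASA-; accept both.
URL_RE = re.compile(r"%(?:ASA|PIX)-5-304001: (\S+) Accessed URL ([^:\s]+):(\S*)")
DENY_RE = re.compile(
    r'%(?:ASA|PIX)-4-106023: Deny (\w+) src \w+:(\S+)/(\d+) dst \w+:(\S+)/(\d+) '
    r'by access-group "([^"]+)"')


def parse_url_access(log):
    """Return (client, server, path) for every 304001 message in the log text."""
    return [m.groups() for m in URL_RE.finditer(log)]


def parse_acl_denies(log):
    """Return one dict per 106023 message: proto, src, sport, dst, dport, acl."""
    return [dict(proto=m[1], src=m[2], sport=int(m[3]), dst=m[4], dport=int(m[5]), acl=m[6])
            for m in DENY_RE.finditer(log)]


def watchlist_hits(log, watchlist=WATCHLIST):
    """Inside clients that reached a server on the watchlist (the 'malicious site' case)."""
    return sorted({client for client, server, _ in parse_url_access(log) if server in watchlist})


def rogue_smtp_senders(log, mail_server=MAIL_SERVER, acl="SMTP_BLOCK"):
    """Inside hosts other than the mail server that the ACL denied on outbound port 25."""
    return sorted({d["src"] for d in parse_acl_denies(log)
                   if d["acl"] == acl and d["dport"] == 25 and d["src"] != mail_server})
```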
