Cisco Support Community
New Member

To Block particular site in Firewall - Gmail, Yahoo, Hotmail, Rediff

Hi Group Members,

Greetings of the Day !!!

How can I deny access to the above mentioned sites to users?

Actually, in our organisation the link is choked due to this kind of link. We have a Squid proxy server in the DC (data centre) in which this rule is already applied, but if I want to apply this rule via the 525 PIX FW, where would it be applied?

My scenario:

In LAN interface - 10.200.10.0/16

DMZ interface - 172.16.10.1/24

Outside interface - 192.168.100.1/24

Where do I have to put the rule/commands so that I can deny this traffic?

Please suggest.

Thanks in Advance.

Jigar K Dave

4 REPLIES
New Member

Re: To Block particular site in Firewall - Gmail,Yahoo,Hotmail,R

Hi,

If you know the public IPs for the respective sites, you can block them.

Let's say Yahoo is 68.180.206.184.

If you want the LAN users not to access the Yahoo site, the ACL would be like this:

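access-list yahoo_acl extended deny tcp 10.200.20.0 255.255.255.0 host 68.180.206.184 eq www
! An ACL ends with an implicit deny, so all other traffic must be permitted explicitly
access-list yahoo_acl extended permit ip any any
access-group yahoo_acl in interface inside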

Basically, in PIX firewalls, we cannot have content filters.

Regards

Rajesh P

Re: To Block particular site in Firewall - Gmail,Yahoo,Hotmail,R

Rajesh,

The previous post is misleading, and only relates to code versions 7.0 and below for the PIX/ASA.

In version 7.2.x and above you can block on URL, without having to use the IP address or whole class B/C subnets. See the links below:

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940c5a.shtml

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940e04.shtml

HTH
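
An added example, not part of the original thread or of the linked Cisco documents: a sketch of hostname-based HTTP blocking with regular expressions and the Modular Policy Framework on PIX/ASA 7.2 or later. All object names and the hostname patterns are assumptions chosen for illustration, and the interface name `inside` is taken from the ACL in the first reply.

```cisco
! Constructed example; object names and hostname patterns are hypothetical.
! Host-header patterns for the webmail sites named in the question
regex webmail1 "gmail\.com"
regex webmail2 "mail\.yahoo\.com"
regex webmail3 "hotmail\.com"
regex webmail4 "rediffmail\.com"
!
! Group the patterns so that a match on any one of them counts
class-map type regex match-any WebmailHosts
 match regex webmail1
 match regex webmail2
 match regex webmail3
 match regex webmail4
!
! Match HTTP requests whose Host header hits one of the patterns
class-map type inspect http match-all BlockWebmail
 match request header host regex class WebmailHosts
!
! Select the traffic to hand to the HTTP inspection engine
access-list inside_http extended permit tcp any any eq www
class-map inside_http_class
 match access-list inside_http
!
! Reset and log any connection that matches the blocked hosts
policy-map type inspect http webmail_filter
 class BlockWebmail
  reset log
!
! Attach the HTTP inspection policy to traffic entering the inside interface
policy-map inside_policy
 class inside_http_class
  inspect http webmail_filter
service-policy inside_policy interface inside
```

Because the match is on the Host header rather than the destination address, it keeps working when the sites' IP addresses change. It only sees cleartext HTTP on the selected port, so requests made over HTTPS are not matched by this policy.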

New Member

Re: To Block particular site in Firewall - Gmail,Yahoo,Hotmail,R

Hi Rajesh,

But as far as I know, the IPs of these public servers are constantly changed after a particular time, so in this situation this feature will not work.

Your suggestion is needed on this.

Jigar

New Member

Re: To Block particular site in Firewall - Gmail,Yahoo,Hotmail,R

I agree with your point that IPs will keep changing.

I do not know which version the firewall is running. If he has PDM installed on the PIX, he might be able to achieve this.

But he has to make sure that it is running 7.2 or higher.

I would suggest that he use PDM/ASDM rather than the CLI, as it requires a lot of patience and is, moreover, confusing.

Let's see the result.

Regards

Rajesh P
