I have a PIX515 and I am trying to block MSN but all attempts failed. I use ethereal captured packets and block each possible destination nets. Later I found MSN tried to use 207.46.*.* port 80, but this IPs also use for windows auto-update, for sure I can not block it since I need update my windows. If MSN works like this, does that mean I can not block it??? It not make sense?
On an IOS firewall feature set you can enable the HTTP inspection and specifically limit access to certain domain names with the urlfilter exclusive deny msn.com command. The PIX relies fully on a URL filter server such as Websense. I'd setup the external router to do CBAC and enable the http inspection within CBAC.
Upgrade you PIX to the latest 7.x series and you can use the URL filtering feature of the IOS to block the URL's that you dont want to permit for the users. It has more enhanced granular traffic filtering built into it.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...