Cisco Support Community
New Member

Any idea about how to block the msn messenger in pix firewall?

Any input would be greatly appreciated.


Re: Any idea about how to block the msn messenger in pix firewal

If you have configured your PIX rightly, this is blocked automatically. That is, by default, PIX will block all traffic, and allow only the traffic that you want to pass through. You use 'conduit' statements to configure this.

Coming to msn messenger, I think it uses the TCP port 1863. So all you have to do is make sure PIX does not allow this port in any of the 'conduit' statements.

New Member

Re: Any idea about how to block the msn messenger in pix firewal

The PIX will by default block all connections originating from outside the firewall. If you follow the PIX configuration guidelines for two interfaces in the Cisco documentation, you will have set up a PIX that denies all traffic originating from outside, while allowing all connections that originate from the internal network to establish.

A user, however, who initiates a connection from the inside network will successfully connect to the MSN messenger server. Once that connection exists, the PIX will allow inbound and outbound traffic through that socket.

Blocking instant messaging programs is not as easy as it might first seem. A lot of these programs have the ability to connect using multiple ports and multiple destination IP addresses. Most solutions require you to block all IP traffic to known instant messaging servers. Maintaining a list of IP addresses to block can become an administration nightmare.

There are a lot of resources out on the web that deal with blocking messaging services. I would suggest you start with Google and see where it takes you.

Regardless of your approach, you would need to set up deny statements on the inside interface of the PIX to prevent users inside from initiating these connections to the outside.
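
Added example (not part of either reply, and not Cisco code): a small Python first-match check showing why an unbound inside interface lets the TCP 1863 connection out, and what an access list applied to that interface changes. The ACL name `acl_inside`, the sample configurations and the addresses are constructed; only `any`, `host A` and `A MASK` addresses with a numeric `eq` destination port are handled, and NAT is ignored.

```python
import ipaddress

# Constructed sample configurations (illustrative, not taken from the thread).
BASE = "nameif ethernet0 outside security0\nnameif ethernet1 inside security100\n"
BLOCKING = BASE + (
    "access-list acl_inside deny tcp any any eq 1863\n"
    "access-list acl_inside permit ip any any\n"
    "access-group acl_inside in interface inside\n"
)
# Same ACL without the trailing permit: the implicit deny blocks everything.
DENY_ONLY = BLOCKING.replace("access-list acl_inside permit ip any any\n", "")


def _network(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tokens.pop(0), strict=False)


def outbound_allowed(config, src, dst, port, iface="inside"):
    """First-match check of a TCP connection entering the firewall on iface."""
    acls, bound = {}, None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and len(t) >= 6 and t[2] in ("permit", "deny"):
            acls.setdefault(t[1], []).append(t[2:])
        elif t[:1] == ["access-group"] and t[2:] == ["in", "interface", iface]:
            bound = t[1]
    if bound is None:
        return True  # no ACL bound to the interface: outbound is allowed
    for action, proto, *rest in acls.get(bound, []):
        src_net, dst_net = _network(rest), _network(rest)
        if proto not in ("ip", "tcp"):
            continue
        if ipaddress.ip_address(src) not in src_net:
            continue
        if ipaddress.ip_address(dst) not in dst_net:
            continue
        if rest[:1] == ["eq"] and int(rest[1]) != port:
            continue
        return action == "permit"
    return False  # implicit deny at the end of an applied access list
```

Running it against an exported configuration shows whether the deny sits ahead of any broader permit and whether a permit follows it, since an applied list with only deny lines also stops all other outbound traffic.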
