> access-list outbound deny ip any 126.96.36.199 255.255.255.0
> access-list outbound permit ip any any
> access-group outbound in interface inside
Blocking Yahoo Messenger is not as easy as blocking other pieces of software. You see, Yahoo has their servers seperated out across various IPs, and you can't just do a range block, for risk of making parts of Yahoo disappear from your users browsers. So, to block Yahoo Messenger, you must block these 2servers by DNS address, not range,
You say that you need to block yahoo messenger by dns name. You imply this can be done on a PIX. If you know the secret of setting up a PIX acl based on host/domain name please let me know. We are evaluating PIX vs. Sidewinders now and this is the ONE feature the Sidewinder has over the PIX that may keep us from switching.
You would nslookup the dns name and use the IP. You can't use DNS to resolve names - you can only create "host" entries with the "name" command. From a security point of view, not using dns resolution on the PIX is a good thing, IMHO.
You're correct in that the PIX cannot restrict based on domain name. An alternative would be to blackhole IM domains/hosts e.g., login.oscar.aol.com, by having internal/dmz dns entries for them which direct traffic to a null0 interface somewhere.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...