Cisco Support Community

New Member

Blocking chat service on PIX firewall 515

Hi ,

I want to block chat service to a particular user.

I am using PIX FW 515 U ver 5.3(1)

I have used the following command to do so:

outbound 50 deny (IP addrs) (255.255.255.255) irc tcp
apply (inside) 50 outgoing_src

But it is not taking effect, I mean the user is still able to use the chat service.

FYI: Client gets the IP address from the Microsoft DHCP server

Could anybody help in this regard? Where am I going wrong?

Thanks

regards

Mahavir

2 REPLIES
New Member

Re: Blocking chat service on PIX firewall 515

Parse your PIX syslog in debugging mode for traffic from that user. Make sure that they are using standard IRC and not redirecting to higher ports. Also, you might just start by reloading the PIX to clear that user's xlate. If they are getting a DHCP address, are you sure the address you are using is their machine?

New Member

Re: Blocking chat service on PIX firewall 515

Hi

It is very complicated to block chat service for a particular user if he or she uses DHCP, but you can assign a static IP to that user and block them...

Or use the Websense product and block them by putting in a filter, blocking by username! Or block that chat for everyone!

Some chat services like ICQ use dynamic ports, so the best way to block this chat is with Websense!

Also, you can use netstat to find the TCP port used by the chat; then you can use the command

i.e.

outbound 10 deny 0.0.0.0 0.0.0.0 194 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 531 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 6665 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 7777 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 6997 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 5190 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 12011 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 5760 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 1731 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 1720 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 389 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 1503 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 522 tcp
outbound 10 deny 0.0.0.0 0.0.0.0 8875 tcp
apply (inside) 10 outgoing_src

to deny that port for all!

Tell me about your final decision! OK!
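The syslog check suggested in the first reply and the per-port deny lines in the second can be combined into one triage step. The script below is an added example, not part of the original posts: it assumes the syslog uses the "302001 Built outbound TCP connection" layout, and the addresses, connection numbers and the names `triage` and `denied_ports` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed log layout: "302001 Built outbound TCP connection" records, where
# faddr is the outside host/port and laddr the inside host/port.
BUILT = re.compile(
    r"%PIX-6-302001: Built outbound TCP connection \d+ for "
    r"faddr [\d.]+/(?P<fport>\d+) gaddr [\d.]+/\d+ laddr (?P<laddr>[\d.]+)/\d+")
# Deny lines in the form used in the thread: outbound <id> deny <ip> <mask> <port> tcp
DENY = re.compile(r"outbound\s+\d+\s+deny\s+([\d.]+)\s+([\d.]+)\s+(\S+)\s+tcp")
NAMED = {"irc": 194}  # the port literal "irc" stands for TCP 194

def denied_ports(config, host):
    """TCP ports that the deny lines cover for this inside source address."""
    ports = set()
    for ip, mask, port in DENY.findall(config):
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if ipaddress.ip_address(host) in net:
            if port in NAMED:
                ports.add(NAMED[port])
            elif port.isdigit():
                ports.add(int(port))
    return ports

def triage(syslog, config, host):
    """Split the host's built connections by whether a deny line covers the port."""
    blocked = denied_ports(config, host)
    result = {"covered_but_built": Counter(), "not_in_list": Counter()}
    for m in BUILT.finditer(syslog):
        if m["laddr"] == host:
            port = int(m["fport"])
            key = "covered_but_built" if port in blocked else "not_in_list"
            result[key][port] += 1
    return result

# Constructed sample input (documentation addresses, not real traffic).
CONFIG = """outbound 50 deny 10.1.1.25 255.255.255.255 irc tcp
apply (inside) 50 outgoing_src"""
SYSLOG = """\
%PIX-6-302001: Built outbound TCP connection 1201 for faddr 198.51.100.7/6667 gaddr 203.0.113.10/1044 laddr 10.1.1.25/1044
%PIX-6-302001: Built outbound TCP connection 1202 for faddr 198.51.100.7/6667 gaddr 203.0.113.10/1045 laddr 10.1.1.25/1045
%PIX-6-302001: Built outbound TCP connection 1203 for faddr 192.0.2.80/80 gaddr 203.0.113.11/1050 laddr 10.1.1.30/1050
%PIX-6-302001: Built outbound TCP connection 1204 for faddr 198.51.100.9/194 gaddr 203.0.113.10/1046 laddr 10.1.1.25/1046"""

if __name__ == "__main__":
    for kind, ports in triage(SYSLOG, CONFIG, "10.1.1.25").items():
        print(kind, dict(ports))
```

Ports under `not_in_list` are ones the chat client reaches that no deny line names; ports under `covered_but_built` point back at the list itself, its apply line, or a stale xlate.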
