Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Layer 7 Filtering for port 80 Applications on Pix

Is it possible to do any Application layer filtering on a Pix? I would like to setup filters to block outbound access of certain apps such as certain streaming media and dangerous content (kaaza, certain viruses, etc) going over port 80. Websense hels some, but only blocks ports and not certain apps that use port 80 but not non http traffic. Is it possible to do any of this with a Pix? If not would this be possible to do on a 7206VXR Router at the Internet and what would the requirements be (Version, Featureset, etc). Any good links would appreciated too.

5 REPLIES
New Member

Re: Layer 7 Filtering for port 80 Applications on Pix

On the PIX, the short answer is no. The PIX is not an application-layer gateway. It just doesn't go that high into the OSI model when inspecting traffic.

Silver

Re: Layer 7 Filtering for port 80 Applications on Pix

Hello,

In nutshell, if web sense cannot do the filtering on layer 7 that granular level, then PIX, or router will not be able to do that either.

Regards,

Mynul

New Member

Re: Layer 7 Filtering for port 80 Applications on Pix

What about on a 6509 with Sup1A, MSFC1, and PFC1. I'm pretty sure it can be done on there but don't know how. Would it just be configured as an ACL in the router interface of the 6509? Does anyone have a good link or info they can share?

Silver

Re: Layer 7 Filtering for port 80 Applications on Pix

search for NBAR - an ios feature that can really drill into packet's guts.

New Member

Re: Layer 7 Filtering for port 80 Applications on Pix

I think the Blue Coat (formerly Cacheflow) proxy cache can do this. It can be integrated between your PIX and WebSense. Good luck getting info from them though, their sales people don't like returning calls.

www.bluecoat.com

143
Views
0
Helpful
5
Replies
CreatePlease to create content