07-10-2003 02:47 PM - edited 02-20-2020 10:50 PM
Is it possible to do any Application layer filtering on a Pix? I would like to setup filters to block outbound access of certain apps such as certain streaming media and dangerous content (kaaza, certain viruses, etc) going over port 80. Websense hels some, but only blocks ports and not certain apps that use port 80 but not non http traffic. Is it possible to do any of this with a Pix? If not would this be possible to do on a 7206VXR Router at the Internet and what would the requirements be (Version, Featureset, etc). Any good links would appreciated too.
07-10-2003 02:53 PM
On the PIX, the short answer is no. The PIX is not an application-layer gateway. It just doesn't go that high into the OSI model when inspecting traffic.
07-10-2003 04:12 PM
Hello,
In nutshell, if web sense cannot do the filtering on layer 7 that granular level, then PIX, or router will not be able to do that either.
Regards,
Mynul
07-10-2003 06:33 PM
What about on a 6509 with Sup1A, MSFC1, and PFC1. I'm pretty sure it can be done on there but don't know how. Would it just be configured as an ACL in the router interface of the 6509? Does anyone have a good link or info they can share?
07-10-2003 07:18 PM
search for NBAR - an ios feature that can really drill into packet's guts.
07-15-2003 08:25 AM
I think the Blue Coat (formerly Cacheflow) proxy cache can do this. It can be integrated between your PIX and WebSense. Good luck getting info from them though, their sales people don't like returning calls.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide