Layer 7 Filtering for port 80 Applications on Pix

NPT_2 · ‎07-10-2003

Is it possible to do any Application layer filtering on a Pix? I would like to setup filters to block outbound access of certain apps such as certain streaming media and dangerous content (kaaza, certain viruses, etc) going over port 80. Websense hels some, but only blocks ports and not certain apps that use port 80 but not non http traffic. Is it possible to do any of this with a Pix? If not would this be possible to do on a 7206VXR Router at the Internet and what would the requirements be (Version, Featureset, etc). Any good links would appreciated too.

tbissett · ‎07-10-2003

On the PIX, the short answer is no. The PIX is not an application-layer gateway. It just doesn't go that high into the OSI model when inspecting traffic.

mhoda · ‎07-10-2003

Hello,

In nutshell, if web sense cannot do the filtering on layer 7 that granular level, then PIX, or router will not be able to do that either.

Regards,

Mynul

NPT_2 · ‎07-10-2003

What about on a 6509 with Sup1A, MSFC1, and PFC1. I'm pretty sure it can be done on there but don't know how. Would it just be configured as an ACL in the router interface of the 6509? Does anyone have a good link or info they can share?

mostiguy · ‎07-10-2003

search for NBAR - an ios feature that can really drill into packet's guts.

r-lemaster · ‎07-15-2003

I think the Blue Coat (formerly Cacheflow) proxy cache can do this. It can be integrated between your PIX and WebSense. Good luck getting info from them though, their sales people don't like returning calls.

www.bluecoat.com