Hi Yatin ,

Thanks for your reply.The data which goes out or comes inn to the network through the PIX , must be scanned through the anti-virus software. is it possible...?

Thx & Regds

Anthony

Anthony --

As far I'm aware, the PIX should have no problem handling AV scanned data. I've actually have 10 Mail servers on the inside and are being scanned for AV with McAFee EPO and also have PIX 515 protecting the inside network. So, for your question - AV and PIX Will it work, the answer is yes.

Hope this helps and let us if you need any more help.

Hi Yatin,

Mailservers loaded with antivirus and pix providing the security will work independantly. but there is requirement that the data going to internet and comming from internet has to be scanned. I will give an example ,,,In PIX we can configure URL filtering server....whenever users types some URL it will be validated by the URL server , redirected by the the PIX that we wil configure in the PIX. some thing in the same way is there any solution for antivirus software....? can u send some document releated..

regds

Anthony

Anthony --

You are talking about URL Filtering on PIX - Am I correct ? and you have AV software on your inside clients ?

What is your PIX Model and which PIX IOS are your running ?

Thanks --

Anthony --

Here is a more info. on URL Filtering for PIX :

URL Filtering—PIX Firewall URL filtering is provided in partnership with NetPartners WebSENSE server software. The PIX Firewall will check outgoing URL requests with the policy defined on the WebSENSE server running either on Windows NT or UNIX. Based on responses from the NetPartners server, which matches requests against Web-site characteristics deemed inappropriate for business use, the PIX Firewall either permits or denies connections. Because URL filtering is handled on a separate platform, no additional performance burden is placed on the PIX Firewall

http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pix_pa.htm

Hope this helps - Jay

Hi Yatin,

Thx for the info , this will give a workaround solution.

Regds

Anthony

Hey Yatin,

Is there a public version of that document? My CCO login won't work there.

I know eh! You would think by now cisco would integrate that feature in their

product instead of losing business to other vendors.

They have the url scan feature why not a virus scan as well or even better

produce their own line of virus engine much like what they have for

the vpn concentrator or IDS. (Something to think about)

That would seem like no easy task. The PIX would have to had off the packets containg the data that needed to be scanned to some AV appliance...which would have to do the scan, alter if necessary and then relay it back to the PIX for delivery. I am certain it can be done...but may take some effort. BTW...weren't the AV manufacturers supposed to build AV appliances that did this sort of thing???