We are using Websense to block most of the sites that we feel necessary but have had problems with programs like AOL, MSN, ICQ chat programs. So I am going to stop this at the PIX and was wondering who out there had blocked chat programs in the enterprise, and methods used.
I fully understand the steps needed to block what is needed on the PIX but was wanting to hear horror stories or problems you might have encountered. I would also like to know what sites (address\protocols) you had to block to stop these programs because some are HTTP-based (AIM, MSN, etc.).
For those of you who have applied rules to the inside interface of the PIX, did you notice any performance issues or any other problem related to having all outbound traffic filtered?
Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
You will have some definite hurdles to surmount with HTTP-based programs, as there are few if any known solutions out there for this. Blocking known ports for software such as ICQ poses no larger problem than shutting down telnet or something similar.
Try PacketShaper or NetEnforcer. They are bandwidth-managing tools that identify various applications, and then you may apply a variety of policies. For instance, you may limit the bandwidth per session, per application, or block the application altogether. It is neat and fairly inexpensive. Not that difficult to use and great customer support.