Cisco Support Community

New Member

PIX|Web Sense and chat programs

Hello Cisco people

We are using Web Sense to block most of the sites that we feel necessary but have had problems with programs like AOL, MSN, ICQ chat programs. So I am going to stop this at the PIX and was wondering who out there had blocked chat programs in the enterprise, and methods used.

I fully understand the steps needed to block what is needed on the PIX but was wanting to hear horror stories or problems you might have encountered. I would also like to know what sites (address\protocols) you had to block to stop these programs because some are http based (AIM, MSN, etc.).

For those of you who have applied rules to the inside interface of the pix, did you notice any performance issues or any other problem related to having all outbound traffic filtered?

Thank you

Thanks

Rob Mears III, CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+

Technical Mercenary

Valor Telecom.com

3 REPLIES
New Member

Re: PIX|Web Sense and chat programs

You will have some definite hurdles to surmount with http based programs as there are few if any known solutions out there for this. Blocking known ports for software such as ICQ poses no larger problem than shutting down telnet or something similar.

New Member

Re: PIX|Web Sense and chat programs

Try Packetshaper or NetEnforcer. They are bandwidth managing tools that identify various applications and then you may apply a variety of policies. For instance, you may limit the bandwidth per session, per application or block the application altogether. It is neat and fairly inexpensive. Not that difficult to use and great customer support.

New Member

Re: PIX|Web Sense and chat programs

You can use IPS to filter those http based chat programs. Too bad that you are still using a PIX firewall.

If you are using ASA, you can buy the AIP-SSM module, which has IPS/IDS function.

HTH.

Regards

Joe
