For N2H2 filtering servers, the url-block block command causes the PIX firewall to buffer packets received from a web server in response to a web client request while it waits for a response from the URL filtering server. This improves performance for the web client compared to the default PIX firewall behavior, which is to drop the packets and to require the web server to retransmit the packets if the connection is permitted.
When the url-block block command is used and the filtering server permits the connection, the PIX firewall sends the blocks to the web client from the HTTP response buffer and removes the blocks from the buffer. If the filtering server denies the connection, the PIX firewall sends a deny message to the web client and removes the blocks from the HTTP response buffer.
The url-cache command provides a configuration option in order to allow the PIX to cache previously retrieved URL access privileges from a Websense or N2H2 server. Caching stores URL access privileges in memory on the PIX firewall. When a host requests a connection, the PIX firewall first looks in the URL cache for access privileges that match and does not forward the request to the N2H2 or Websense server.