Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Block Streaming audio/video?

Status
Not open for further replies.
dflanagan

dflanagan

MIS
Oct 5, 2001
115
US
Hello!
I have a PIX 515 with the latest OS. I was wondering, do any of you have tricks that you use to prevent users from connecting to internet audio/video streams using the firewall? I know these streams are capable of using port 80, so closing a particular port is probably not going to help. Just wanted to check before I start to sabotage their media players!

Thanks!

Dave
 
Sort by date Sort by votes
I may be wrong, but the only way to block this is via a content filter - like Websense - PIX has no built in content filtering. "If you lived here, you'd be home by now!"

George Carlin
 
Upvote 0 Downvote
HI.

A proxy server can help here, but I don't know of any specific one to recommend.

Some things that can help:

* Issue the pix CLI command:
show conn
To look for active connections with a small idle time or large byte count.

* Monitor bandwidth usage with tools like PDM, MRTG, SYSLOG, etc..., so you can better know what's going on.
3rd party software may be needed to get useable info.

* A simple instructive email to the emploies can minimize the problem. Resend this email once a month with updated info and positive thinking.
Then, a phisical visit or phone call to those that still use those applications will do the rest
Yes, I know, it depends on the size of the organizations, and I know that not all users will follow instructions, but most of them will.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Think outside the box. In this case the PIX box.

Cisco NBAR on a router with a 'match protocol http url'
will work for those that eventually default to port 80.
 
Upvote 0 Downvote
So will a Smart Filter NM in a router on the inside (I have mine in between the LAN and the PIX acting as a default gateway). A SmartFilter NM can be managed (with a decent price tag) with Secure Computing's Smart Filter manager.
 
Upvote 0 Downvote
That said, I ended going with SurfControl because interface for SmartFilter is not as intuitive and it was about the same price.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

salanje87
  • Locked
  • Question
Block Broadcast storming.
Replies
3
Views
734
hairlessupportmonkey
hairlessupportmonkey
negley97
  • Locked
  • Question
XTM505 - would like to block all smtp traffic out except for Exchange server
Replies
2
Views
244
negley97
negley97
AzDan
  • Locked
  • Question
Block FaceBook but allow access.
Replies
0
Views
191
AzDan
AzDan
Bhawks10
  • Locked
  • Question
Polycom 8000 HDX h.323 video conferencing thru Sonicwall Firewall
Replies
0
Views
190
Bhawks10
Bhawks10
RonSwift
  • Locked
  • Question
Block all telnet connections 1
Replies
4
Views
315
RonSwift
RonSwift

Part and Inventory Search

Sponsor

Back
Top