
Blocking Web Sites

Status
Not open for further replies.

E1Designs

IS-IT--Management
Oct 20, 2005
201
US
How can I go about doing this on my PIX 501 and PIX 506e? Looking for some walkthroughs :)
 
You need to have a third-party application such as
Websense or N2H2 to do this. Without third-party applications, this can NOT be done on the Pix firewall,
unless you do an "nslookup" and block by IPs on the Pix.
But that is a very stupid way to do it on Cisco Pix.
The people who designed the Pix are not very smart people,
IMHO. That is not to say that I am smart either, but
why they didn't figure this in in the first place is beyond
me.

That being said, this can be done rather easily with
Checkpoint Firewalls. There is a feature called the "domain"
object that you can use to block websites. Blocking web
sites via "domain" is a poor man's approach. If you want
something fancy, you can also use third-party applications
such as N2H2 or Websense to do the same thing as Cisco Pix.

HTH

Wirelesspeap
CCSA-NG/CCSE-NG
Cisco CCIE Security
 
Could it be done at the router level? Cisco 1721...
 
Your best bet would be to purchase a proxy. Another option, if you have a Windows domain, is to set up AD to block sites in Internet Explorer (if that's what your users use). If you have an internal DNS server, you could set up host records to dump them to a fake IP (not a great option). You can use Squid as a free proxy that runs on Linux. You can also run Squid on a Windows box after you install Cygwin.

Try this link:


Then, only allow your proxy out on http/https and make all of your users point to the proxy in their browsers.
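
The proxy approach suggested in the post above, as an added example that is not part of the original thread: a minimal squid.conf that denies a list of domains, with the matching firewall egress rules shown as comments. The LAN range 192.168.1.0/24, the proxy address 192.168.1.10, the ACL names and the blocked domains are all assumptions for illustration.

```conf
# squid.conf fragment (added example; addresses, names and domains are assumed)

# Port that client browsers are pointed at
http_port 3128

# Internal clients that may use the proxy (assumed LAN range)
acl localnet src 192.168.1.0/24

# Destinations to block. A leading dot matches the domain and every
# subdomain. dstdomain is also checked against the host in an HTTPS
# CONNECT request, so https:// sites are covered by name as well.
acl blocked_sites dstdomain .blocked-example.test .another-blocked.test

# Alternative: keep the list in a file, one domain per line
# acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"

# Rules are evaluated top to bottom and the first match wins,
# so the deny must come before the allow for the LAN.
http_access deny blocked_sites
http_access allow localnet
http_access deny all

# Firewall side, so users cannot bypass the proxy by browsing direct.
# PIX 6.x syntax, applied on the PIX rather than in this file; the ACL
# name inside_out and the proxy address are assumptions:
#
#   access-list inside_out permit tcp host 192.168.1.10 any eq 80
#   access-list inside_out permit tcp host 192.168.1.10 any eq 443
#   access-list inside_out deny tcp any any eq 80
#   access-list inside_out deny tcp any any eq 443
#   access-list inside_out permit ip any any
#   access-group inside_out in interface inside
```

Without the egress rules, any user who removes the proxy setting from the browser reaches the blocked sites directly.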
 
Proxy servers and firewalls support add-on products to block by domain, URL content and others. We use Pix with Websense to do this. That's the best approach, partly because it requires no browser reconfiguration, but requires a subscription to Websense.
 
Thanks for the tips folks. Short term the AD solution may work. Any walk throughs on setting that up NetworkGhost?
Long term was thinking about the iPrism M500...if anyone has any use with it. This is for 40 - 50 employees.
 
Give me a day or so to get back. It's been a while since I've been in AD. What I used to do was download the spam list from Adaware and add those sites to the restricted sites list. If your users have admin privs, this could be worked around.
 