Content filtering with a Cisco PIX 501??

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

scs-04

Thread Starter
Joined
Jan 10, 2005
Messages
118
Let me start by saying I am not real educated in any of Cisco's products. I have just picked up a client that has a PIX 501 that they are using as their router/firewall. They have a couple employees that are 'abusing' the internet access and visiting sites they shouldn't be on at work. Can we do any content filering with the PIX 501 or will we need another device.

Thanks for any advice
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,486
Looking through the ASA configuration, the only thing I can see which will do this is filtering using a Websense or Secure Computing SmartFilter server. If the ASAs don't have the ability to do this internally, I doubt the 501 will be able to do this. Not even sure if the 501 can leverage an external URL filtering server.

One alternative for you is to do an nslookup on the domain to resolve the IP of the offending website. Then create an access rule tied to that IP and just set a generic deny on protocol IP. This will just do a sweeping block of the site on that IP. You have to set the rule to be applied from the inside going out with the source IP being any because you just want a generic block across your internal network to a destination of the offending IP.

Lastly, if it's not already in the company's policy, there should be a code of conduct and appropriate use policy in an employee handbook. If there isn't one already in place, I would strongly suggest your clients put one in place. They should also have a general briefing of the policies and have every employee acknowledge the receipt of the policies and the thorough understanding of the policies along with consequences if they violate the rules. If they continue to violate policies which have been put in place and they are well aware of, then the company should just fire them.
 

scs-04

Thread Starter
Joined
Jan 10, 2005
Messages
118
Thanks for the responses. They do have a conduct policy in place but it doesn't look like they enforce it too well. Well it is not just one site or certain sites they are abusing it is a bunch of the same type of sites so I was looking for something that could block a broader range. Any suggestions with out replacing the PIX?

Thanks
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,486
If they are not enforcing their own policies, trying to solve this problem via an IT solution is just chasing your tail....in my opinion. There's really on so much you can do before someone figures out another way around your countermeasures.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,486
This is assuming the users don't have local administrator rights to their respective PCs.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top