Default gateway in PIX

ejaj · ‎03-30-2003

I want to integrate a virus scanner m/c for http taffic and mail traffic with PIX. The virus scanner m/c is required to be put at DMZ. How can I do this and how shall I write "ip route ......." command for this purpose.

--ejaj

Report Inappropriate Content · ‎03-31-2003

mostiguy · ‎03-31-2003

There isn't a good way of doing this for the pix. You possibly can do it with a router in front of or behind the pix.

For http use from the inside of your pix, you would most likely need the router between the inside int of the pix, and your userbase.

For smtp filtering in and out of your network, you can probably make this work on your own. I imagine that if you configure your mailservers to send all mail outbound through the virus scanner, that should take care of all outbound filtering. Set up the smtp filtering device with your only mx record, and that should ensure that all inbound mail is scanned

ejaj · ‎03-31-2003

Agreed. I implemented smtp the same way already and it is working fine. Now How to do for http traffic.

--ejaj

yizhar · ‎04-13-2003

HI.

Consult the manuals/support of the content filter box you have. It probably supports acting as http proxy server, and then you can configure the workstations to use it as a proxy.

I have helped someone with a similar solution using a McAffee content filter server (don't remember the name of it).

That server had two options for configuration, and we have choosed to implement it as a proxy server + mail relay.

So the traffic was redirected to the content filter at the application level (browser and mail servers configuration), and the pix was configurred to enforce it (block direct traffic).

The other option was to place it in the path of the traffic as a transparent device.

Yizhar

ejaj · ‎04-15-2003

Dear Izhar

Shall you explain more. I feel this is exactly what I want to do.

-----ejaj