Hi Dennis, I notice that the ACL_OUT permits www and tcp 135, but the static commands don't. As there are no problems with smtp and pop3, and you're seeing acl matches on the https line, I'd examine the ssl configuration on your exchange server - verif...
To allow traffic from a lower security level interface to a higher security level interface, two things are required:
1. An ACL that permits the traffic from source to destination for a particular service.
2. A static statement that instructs the PIX ...
You're correct in that the PIX cannot restrict based on domain name. An alternative would be to blackhole IM domains/hosts e.g., login.oscar.aol.com, by having internal/dmz dns entries for them which direct traffic to a null0 interface somewhere.
Rob, the best approach to this problem is with an acceptable use policy. That being said, blocking access to the login servers used by the chat services using nslookup and ACLs is an effective, if not administratively efficient, method to control th...