Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
The HIDS Agent doesn't seem to uninstall properly. It doesn't remove the enterceptAgent service from HKLM/System/CurrentControlSet/Services (even after reboot), and if you try to re-install it, it says 'Agent already Installed'. Deleting the regist...
MSN is pretty easy because it uses a fixed port. Some (like Yahoo pager) are difficult because they will find a port that is open. To block the tricky ones, you have to block all of the hosts that they will conect to at the top of your outbound acc...
I've done this quite a bit. Just setup a new access-list to define the match traffic, setup a new crypto map with a different number, setup NAT and setup routes to take traffic through your VPN interface. For example:access-list first_vpn permit ip...
I just did a quick packet capture for this and it revealed that a connection was made to port 443 during the update. You should be able to just add:access-list acl_dmz permit tcp 172.16.16.0 255.255.255.0 any eq 443hope this helps,Brian
I have several of these working on my PIX. The only problem I see with yours is that you used the "http" key word in your statement, which won't work; it should just appear like this:filter url except 0 0 63.192.19.21 255.255.255.255
You can get the PIX firewall syslog server here:http://www.cisco.com/cgi-bin/tablebuild.pl/pixYou may also wish to consider www.opensystems.com if you want more advanced reporting. If you have a lot of firewalls, IDS and/or HIDS you may wish to try ...
