04-05-2011 10:44 PM
We have successfully integrated our ASA5510 and IronPort S160 appliance with Active Directory and eDirectory. We've configured AD to push IE settings to use the IronPort proxy.pac file. Now we need to "Block" un-configured IE access to Port 80 traffic.
In my ASA I have a firewall exception for our WAN IP ranges (source) to any Destination port tcp/http, tcp/https and domain. If I remove the tcp/http from the exception "ALL" port 80 traffic stops, including those PCs configured to use the IronPort Proxy.pac file.
So where have I gone wrong? I want to block un-configured IE access to Port 80, forcing all users to pass through the IronPort appliance.
04-06-2011 06:45 AM
I'd have to see the ACL for sure, I'd bet you are missing a permit for port 80 from the Ironport's ip address.
04-06-2011 08:29 AM
I hate this job. About 11:10 PM as I was trying to get ready for bed, I had the same thought. Of course I had to test it out, so back to the VPN connection I went and added the filter permit for port 80 for the Ironport's ip address and voilà it worked. Thanks for answering my post just the same.
04-13-2011 09:34 AM
You need to permit the ip of the WSA to get out on port 80...
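The fix described in the replies, written out as an ASA access list. This is an added example, not configuration from the thread. The ACL name `inside_access_in`, the interface name `inside`, the WSA address 192.0.2.10 and the client range 198.51.100.0/24 are constructed placeholders, and the WSA is assumed to sit inside the client range on the same interface.

```text
! Constructed placeholder values:
!   192.0.2.10        = IronPort WSA (assumed)
!   198.51.100.0/24   = internal client range (assumed)
!   inside_access_in / inside = assumed ACL and interface names

! Before: every client may reach port 80 directly, so a browser
! that ignores proxy.pac bypasses the WSA.
! access-list inside_access_in extended permit tcp 198.51.100.0 255.255.255.0 any eq www

! After: ACL entries are evaluated top-down, first match wins.
! The host permit for the WSA must come before the range-wide deny,
! otherwise the proxy's own outbound HTTP is dropped with everyone else's.
access-list inside_access_in extended permit tcp host 192.0.2.10 any eq www
access-list inside_access_in extended deny tcp 198.51.100.0 255.255.255.0 any eq www log

! HTTPS and DNS stay as in the original exception.
access-list inside_access_in extended permit tcp 198.51.100.0 255.255.255.0 any eq https
access-list inside_access_in extended permit udp 198.51.100.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp 198.51.100.0 255.255.255.0 any eq domain

access-group inside_access_in in interface inside
```

The `log` keyword on the deny line records each direct port 80 attempt, which identifies clients that have not picked up the proxy.pac setting.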