20 Most Recent Cisco PIX 515E Firewall Questions & Answers

Do the nslookup for the three websites and write an access list to permit the traffic only to the said website ip addresses

Eg.

1. go to dos prompt

2. type "nslookup"

3. type "www.rediff.com

Note : You will get the ip address of the websites

4. Create an object group for these websites

5. Add ip addresses of the websites

6. create an access-control list element to permit the traffic from your circle office to this object group for port tcp 80 and 443

You are done

The PIX is a layer 3 device, I cant say that I have ever tried to filter a mac address. I'm pretty sure you cant

I would check negotiaion on the port that goes down if you are sure the cabling is correct

You have to create a route statement to allow workstations to get online.

Below is the command:
route interface_name ip_address netmask gateway_ip

Example:
route outside 0.0.0.0 0.0.0.0 200.200.200.1
or
route outside 0 0 200.200.200.1

When there is already a route statement but still cannot get online, check the DNS settings.

Assuming you are running the latest version.
Short answer:
# access-list acl-outside line 1 deny ip IPYOUWANTTOBLOCK 255.255.255.255 any # write memory
The link below contains a longer helpful explanation: http://www.velocityreviews.com/forums/t35733-how-to-block-external-ip-address-on-pix-515e.html
I hope this helps.

please check after disabling javascript/activex filtering on your firewall only for this site.
If you could post me the configuration then it would be really good.

you can only block orkut sites that you know by IP but the Pix alone cannot do it since it requires an application like websense to do URL filtering. If you have the IPs and need help creating the ACLs, feel free to let me know

Hello,

The pix does not allow you to block urls except if you use it in conjunction with websense for example. You could however deny all outgoing traffic to port 80 except for the ip address of the websites you want to be able to access.

To do that you would setup an access-list allowing you internal network to access certain ips on port 80 and deny all other traffic outgoing.

Let me know if you need more information on how to accomplish this.

Dear Kiran,

What is the name assigned for isp 1 as well as isp2.

for your reference kindly find the sample configuration......
ISP 1:
interface ethernet 0 100 full
nameif outside security-lvl 0
ip address outside 203.193.129.132 255.255.255.240.
nat (inisde) 1 (local network)
global (outside) 1 203.193.129.133
route outside 0 0 203.193.129.129.1.

regards,
mani.S

try www.opendns.org
set up in 5 minutes, need some knowledge in dns.

You have to register and validate a link from the internet IP you want to filter.
This ip may be dynamically assigned.

Commercial : websense

talk to CISCO on there official forum. real start here https://community.cisco.com/ why go anywhere else. as rules can be fluid , for sure if security gets more tight every day. talk to them , actual

these are the popular firewall for recent days: ·Packet filtering firewall ·Circuit-level gateway ·Stateful inspection firewall ·Application-level gateway (aka proxy firewall) ·Next-generation firewall

• Packet filtering - ...
• Stateful filtering - ...
• Routing support - ...
• Transparent firewall - ...
• AAA support - ...
• VPN support - ...
• Supports IPv6 - ...
• VPN load Balancing -

Su mensaje no califica como una pregunta o consulta para un problema, intente en otro lugar NO HAGA ESTE SITIO CON SU BASURA Lleve su BASURA a otro lado Su mensaje califica como SPAM

Your message does not qualify as a question or query for a problem, try somewhere else DO NOT MAKE THIS SITE WITH YOUR GARBAGE Take your GARBAGE to another Side Your message qualifies as SPAM

Your message does not qualify as a question or query for a problem, try somewhere else DO NOT MAKE THIS SITE WITH YOUR GARBAGE Take your GARBAGE to another Side Your message qualifies as SPAM

ACURTNADA, Your message does not qualify as a question or query for a problem, try somewhere else DO NOT MAKE THIS SITE WITH YOUR GARBAGE Take your GARBAGE to another Side Your message qualifies as SPAM

Warning SCAM - DO NOT CALL THESE NUMBERS. These phony support numbers send you to criminal call centers where they will install malware, steal ID and/or extort money from you . Please only ever use the support contacts from the official company website

Your message does not qualify as a question or query for a problem, try somewhere else DO NOT MAKE THIS SITE WITH YOUR GARBAGE Take your GARBAGE to another Side Your message qualifies as SPAM

THIS IS A SCAM- DO NOT CALL THESE NUMBERS. These phony support numbers send you to criminal call centers where they will install malware, steal ID and/or extort money from you . Please only ever use the support contacts from the official company website