Firewall Wizards mailing list archives

Re: Cisco ASA 5510 and proxy server detection


From: nick leachman <nleachman () gmail com>
Date: Wed, 8 Feb 2006 14:03:41 -0500

On 2/7/06, Aaron Smith <smitha () byui edu> wrote:
> On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
>> Hi,
>>
>> Is there a way to NOT permit users from the inside to
>> connect to a proxy server on the outside and bypass
>> the Web filtering software?
>>
>> Thank you
>
> Fight fire with fire. Force all users to use an internal proxy and only
> allow that proxy out. Deny the rest.
>
> ________________________________________________________________________
>
> @@ron Smith <smitha () byui edu>
> Network Operations
> Brigham Young University Idaho
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


Aaron, I'm not fluent on the 5510 per se; but if you are
authenticating to an external AAA server such as a RADIUS server you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.

The ACLs would permit traffic only to and from your internal network;
so if they tried to head into the wild they'd get denied - period.

Regards,
nick

--



"The Lord bless you and keep you;
The Lord make His face to shine upon you,
And be gracious to you;
The Lord lift up His countenance upon you,
And give you peace."
 - Num. 6:24-26
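
The egress policy suggested earlier in the thread (only the internal proxy is allowed out, everything else is denied), sketched as ASA configuration. This is an added example, not configuration posted by anyone in the thread; the proxy address 10.1.1.10 and the ACL name INSIDE_OUT are assumed placeholders, and the interface is assumed to be named inside.

```cisco
! Constructed example. 10.1.1.10 is a placeholder for the internal web proxy
! and INSIDE_OUT is a hypothetical ACL name.
access-list INSIDE_OUT remark Only the internal web proxy may open web sessions outbound
access-list INSIDE_OUT extended permit tcp host 10.1.1.10 any eq www
access-list INSIDE_OUT extended permit tcp host 10.1.1.10 any eq https
! Any other outbound service the site needs (DNS, mail relay, NTP) must get
! its own permit line above the deny, scoped to the specific server.
access-list INSIDE_OUT remark All other traffic from inside is dropped on every port and logged
access-list INSIDE_OUT extended deny ip any any log
! Apply the ACL to traffic entering the firewall from the inside network.
access-group INSIDE_OUT in interface inside
```

The final deny covers every port rather than only 80 and 443, and its log entries identify inside hosts that attempt direct outbound connections instead of using the proxy.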