Firewall Wizards mailing list archives

RE: PIX questions


From: shewitt () cdw com
Date: Thu, 24 May 2001 10:23:26 -0500

Conduits are going away.  
Make sure to use access-lists for all your traffic filtering.

WebSense is enabled for traffic by the "filter url" command:
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
This will use websense for all HTTP traffic coming across the PIX.  The
allow statement at the end tells the PIX to allow HTTP traffic to pass if
the websense server doesn't respond.  

With one of the slightly newer versions of the PIX and websense software,
you can communicate to the websense server using UDP.  I have had great luck
with this and highly recommend it over TCP if it works for you.  I found
that when I used TCP, each request was sent in a completely new TCP session.
This created an unnecessary amount of overhead.

Here's how to configure the PIX for it:
url-server (inside) host x.x.x.x timeout 3 protocol UDP version 4

 
 
-------------------------------
Scott Hewitt
Internet Network Administrator
shewitt () cdw com

-----Original Message-----
From: Phu Quy [mailto:npquy () vnn vn]
Sent: May 23, 2001 11:57 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] PIX questions


Dear all,

I have some questions about the Cisco PIX firewall 520:

1. What is the difference between the outbound command, the conduit command and
access lists? It seems that if you use the access-list command, the outbound and
conduit commands have no effect?
2. When I use WEBSENSE for URL filtering, can I use access-list commands to
deny some addresses at the same time?

Please help me.

Thank you very much


Phu Quy
Technical Engineer
VietNam Data Communication Company

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
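
An added example, not part of the original messages or of any Cisco or Websense tooling: a small Python check that reads a PIX configuration and reports the points raised in the reply above (leftover conduit/outbound statements, a "filter url" line ending in "allow", and the url-server transport). The sample configuration, its addresses and the ACL name are constructed for illustration.

```python
import re

# Constructed sample PIX configuration (addresses and ACL name are made up).
SAMPLE_CONFIG = """\
conduit permit tcp host 192.0.2.10 eq www any
outbound 10 deny 192.168.1.0 255.255.255.0 80 tcp
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-group acl_out in interface outside
url-server (inside) host 10.0.0.5 timeout 3 protocol UDP version 4
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
"""

def audit_pix_config(text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    url_server_seen = False
    filter_lines = []
    for number, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        keyword = words[0].lower()
        if keyword in ("conduit", "outbound"):
            # Legacy filtering statements the reply says to replace.
            findings.append((number, "warn",
                             f"legacy '{keyword}' statement, migrate to access-list"))
        elif keyword == "url-server":
            url_server_seen = True
            match = re.search(r"\bprotocol\s+(\S+)", raw, re.IGNORECASE)
            transport = match.group(1).upper() if match else "unspecified"
            findings.append((number, "info", f"url-server transport: {transport}"))
        elif [w.lower() for w in words[:2]] == ["filter", "url"]:
            filter_lines.append(number)
            if words[-1].lower() == "allow":
                # Trailing 'allow' lets HTTP pass when the server is silent.
                findings.append((number, "warn",
                                 "filter url fails open if the Websense server does not respond"))
    if filter_lines and not url_server_seen:
        # URL filtering is configured but there is no server to query.
        findings.append((filter_lines[0], "warn",
                         "filter url present but no url-server is defined"))
    return findings

if __name__ == "__main__":
    for number, severity, message in audit_pix_config(SAMPLE_CONFIG):
        print(f"line {number}: [{severity}] {message}")
```

Whether the fail-open "allow" behaviour is acceptable is a policy decision: it keeps web access working during a Websense outage at the cost of unfiltered HTTP for that period.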

