On 2/7/06, Aaron Smith <smitha_at_byui.edu> wrote:
> On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
> > Hi,
> >
> > Is there a way to NOT permit users from the inside to
> > connect to a proxy server on the outside and bypassing
> > the Web filtering software ?
> >
> > Thank you
>
> Fight fire with fire. Force all users to use an internal proxy and only
> allow that proxy out. Deny the rest.
>
>
> ________________________________________________________________________
>
> @@ron Smith <smitha_at_byui.edu>
> Network Operations
> Brigham Young University Idaho
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
Aaron, I'm not fluent on the 5510 per se; but if you are
authenticating to an external AAA server such as a RADIUS server you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.
The ACLs would permit traffic only to and from your internal network;
so if they tried to head into the wild they'd get denied - period.
Regards,
nick
--
"The Lord bless you and keep you;
The Lord make His face to shine upon you,
And be gracious to you;
The Lord lift up His countenance upon you,
And give you peace."
- Num. 6:24-26
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 08 2006
Intro
