Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: Cisco ASA 5510 and proxy server detection
From: nick leachman <nleachman () gmail com>
Date: Wed, 8 Feb 2006 14:03:41 -0500

On 2/7/06, Aaron Smith <smitha () byui edu> wrote:
On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
Hi,

Is there a way to NOT permit users from the inside to
connect to a proxy server on the outside and bypassing
the Web filtering software ?

Thank you

Fight fire with fire. Force all users to use an internal proxy and only
allow that proxy out. Deny the rest.


________________________________________________________________________

@@ron Smith <smitha () byui edu>
Network Operations
Brigham Young University Idaho



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


Aaron, I'm not fluent on the 5510 per se; but if you are
authenticating to an external AAA server such as a RADIUS server you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.

The ACLs would permit traffic only to and from your internal network;
so if they tried to head into the wild they'd get denied - period.

Regards,
nick

--



"The Lord bless you and keep you;
The Lord make His face to shine upon you,
And be gracious to you;
The Lord lift up His countenance upon you,
And give you peace."
 - Num. 6:24-26
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault