The PIX Security Appliance can be enabled to work with a Websense
or N2H2 URL-filtering application. When the PIX receives a request
to access a URL from users, it queries the URL-filtering server to
determine whether to return, or block, the requested web page.
Before URL filtering can begin, at least one server on which a Websense or
N2H2 URL filtering application will run must be designated. The limit is 16 URL
servers. Only one URL filtering application, either N2H2 or Websense, can be
used at one time. Additionally, changing the configuration on the PIX Security
Appliance does not update the configuration on the application server. This
configuration must be done separately, according to the vendor
instructions.
Use the url-server command to designate
the server on which the URL filtering application runs, and then enable the URL
filtering service with the filter url command.
PIX Security Appliance Software Versions 6.1 and earlier do not support the
filtering of URLs longer than 1159 bytes. PIX version 6.2 supports the
filtering of URLs up to 6 KB for the Websense filtering server. The maximum
allowable length of a single URL can be increased by entering the
url-block url-size command. This option is available
with Websense URL filtering only.
HTTPS and FTP Filtering
This feature extends Web-based URL filtering to HTTPS and FTP. The filter
ftp and filter https commands were added to the
filter command in PIX Security Appliance Software Version 6.3. The
filter ftp command enables FTP filtering. The
filter https command enables HTTPS filtering. The
filter ftp and filter https commands
are available with Websense URL filtering only.
The example command in Figure instructs the PIX Security Appliance to
send all URL requests to the URL
filtering server to be filtered. The allow option in the
filter command is crucial to the use of the PIX URL filtering feature. If the
allow option is used and the URL filtering server goes
offline, the PIX lets all FTP and HTTPS URL requests continue without
filtering. If the allow option is not specified, all FTP
and HTTPS URL requests are stopped until the server is back online.
Figure shows the syntax for the filter ftp and filter https commands.
More information about these commands can be found in the
Command Reference.
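The following audit script is an added example, not part of the original course text or of Cisco's tooling. It checks the URL-filtering lines of a PIX configuration against the rules described above: the 16-server limit, a single vendor, the Websense-only commands, and the fail-open behaviour of the allow option. The function name audit_url_filtering and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the page); addresses are placeholders.
SAMPLE_CONFIG = """\
url-server (inside) vendor websense host 10.0.0.30 timeout 5 protocol TCP version 4
filter url http 0 0 0 0 allow
filter https 443 0 0 0 0
filter ftp 21 0 0 0 0 allow
url-block url-size 4
"""

MAX_URL_SERVERS = 16  # limit stated in the text above
WEBSENSE_ONLY = ("filter ftp", "filter https", "url-block url-size")


def audit_url_filtering(config: str) -> list[str]:
    """Return findings for the URL-filtering lines of a PIX configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    servers = [ln for ln in lines if ln.startswith("url-server ")]
    vendors = {m.group(1).lower() for ln in servers
               if (m := re.search(r"\bvendor\s+(\S+)", ln))}
    findings = []

    if len(servers) > MAX_URL_SERVERS:
        findings.append(f"{len(servers)} url-server entries exceed the limit of {MAX_URL_SERVERS}")
    if len(vendors) > 1:
        findings.append("mixed vendors: only one of N2H2 or Websense can be used at a time")

    for ln in lines:
        if not ln.startswith(("filter url", "filter ftp", "filter https", "url-block")):
            continue
        if not servers:
            findings.append(f"no url-server designated for: {ln}")
        if ln.startswith(WEBSENSE_ONLY) and vendors and vendors != {"websense"}:
            findings.append(f"Websense-only command with another vendor: {ln}")
        # 'allow' as a standalone token means requests pass unfiltered
        # while the filtering server is offline (fail-open).
        if ln.startswith("filter ") and "allow" in ln.split()[2:]:
            findings.append(f"fail-open (allow): {ln}")
    return findings


if __name__ == "__main__":
    for finding in audit_url_filtering(SAMPLE_CONFIG):
        print(finding)
```

Whether a fail-open finding is acceptable is a policy decision: with allow, a filtering-server outage lets requests through unfiltered; without it, the same outage stops them until the server is back online.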
Lab Exercise: Configure ACLs in the PIX Security Appliance using CLI
In this lab activity, students will learn to disable pinging from an
interface. Students will then configure inbound and outbound access
control lists (ACLs).