Configure ACLs and Content Filters
URL filtering

The PIX Security Appliance can be enabled to work with a Websense or N2H2 URL-filtering application. When the PIX receives a request to access a URL from users, it queries the URL-filtering server to determine whether to return, or block, the requested web page.

Before URL filtering can begin, at least one server must be designated to run a Websense or N2H2 URL filtering application. The limit is 16 URL servers. Only one URL filtering application, either N2H2 or Websense, can be used at one time. Additionally, changing the configuration on the PIX Security Appliance does not update the configuration on the application server. This configuration must be done separately, according to the vendor instructions.

Use the url-server command to designate the server on which the URL filtering application runs, and then enable the URL filtering service with the filter url command.

PIX Security Appliance Software Versions 6.1 and earlier do not support the filtering of URLs longer than 1159 bytes. PIX version 6.2 supports the filtering of URLs up to 6 KB for the Websense filtering server. The maximum allowable length of a single URL can be increased by entering the url-block url-size command. This option is available with Websense URL filtering only.

HTTPS and FTP Filtering
This feature extends Web-based URL filtering to HTTPS and FTP. The filter ftp and filter https commands were added to the filter command in PIX Security Appliance Software Version 6.3. The filter ftp command enables FTP filtering. The filter https command enables HTTPS filtering. The filter ftp and filter https commands are available with Websense URL filtering only.

The example command in Figure instructs the PIX Security Appliance to send all URL requests to the URL filtering server to be filtered. The allow option in the filter command is crucial to the use of the PIX URL filtering feature. If the allow option is used and the URL filtering server goes offline, the PIX lets all FTP and HTTPS URL requests continue without filtering. If the allow option is not specified, all FTP and HTTPS URL requests are stopped until the server is back online.

Figure shows the syntax for the filter ftp and filter https commands.

More information about these commands can be found in the Command Reference.
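The constraints described above (a designated url-server, the 16-server limit, a single vendor, the Websense-only features, and the fail-open effect of the allow option) can be checked against a saved configuration. The following is an added example, not part of the original course material or any Cisco tool; the sample configuration is constructed, and treating a url-server line without a vendor keyword as Websense is an assumption.

```python
import re

# Constructed sample configuration; addresses and values are illustrative.
SAMPLE_CONFIG = """\
url-server (inside) vendor websense host 10.0.1.30 timeout 5 protocol TCP version 4
url-block url-size 4
filter url http 0 0 0 0 allow
filter https 443 0 0 0 0
filter ftp 21 0 0 0 0 allow
"""

MAX_URL_SERVERS = 16  # limit stated in the text above


def audit_url_filtering(config):
    """Return (code, detail) findings for a PIX config's URL-filtering lines."""
    vendors, filters, url_size = [], [], False
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "url-server":
            # Assumption: a url-server line with no "vendor" keyword is Websense.
            m = re.search(r"\bvendor\s+(\S+)", raw)
            vendors.append(m.group(1).lower() if m else "websense")
        elif words[0] == "filter" and words[1:2] in (["url"], ["ftp"], ["https"]):
            filters.append((words[1], "allow" in words[2:], raw.strip()))
        elif words[:2] == ["url-block", "url-size"]:
            url_size = True

    findings = []
    if filters and not vendors:
        findings.append(("no-url-server", "filter configured but no url-server designated"))
    if len(vendors) > MAX_URL_SERVERS:
        findings.append(("too-many-servers", f"{len(vendors)} url-server lines"))
    if len(set(vendors)) > 1:
        findings.append(("mixed-vendors", ", ".join(sorted(set(vendors)))))
    for kind, allow, line in filters:
        if kind in ("ftp", "https") and "n2h2" in vendors:
            findings.append(("websense-only", line))
        if allow:
            # With "allow", requests pass unfiltered while the server is offline.
            findings.append(("fail-open", line))
    if url_size and "n2h2" in vendors:
        findings.append(("websense-only", "url-block url-size"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_url_filtering(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

A fail-open finding is a design decision to review rather than an error: without allow, the same traffic is stopped until the filtering server is back online.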


Lab Activity

Lab Exercise: Configure ACLs in the PIX Security Appliance using CLI

In this lab activity, students will learn to disable pinging from an interface. Students will then configure inbound and outbound access control lists (ACLs).

Lab Activity

e-Lab Activity: Filter Java, ActiveX, and URLs with the PIX Security Appliance

In this activity, the student will block Java applets and ActiveX controls.

Lab Activity

e-Lab Activity: URL Filtering with the PIX Security Appliance

This activity will demonstrate how to configure URL Filtering on the PIX Security Appliance.
