Cisco PIX 515, help
Results 1 to 3 of 3

Thread: Cisco PIX 515, help

  1. #1
    Member
    Join Date
    Jan 2002
    Posts
    61

    Question Cisco PIX 515, help

    Hey guys

    I need some help configuring our FW. We have about 1500 nodes behind a Cisco 515r FW. Recently we have seen an increase of network traffic due to P2P progs and also IM (instatnt messaging) progs. I have tried to block specific traffic from these progs but they are constantly changing their IP's and port numbers. What I would like to do is to block all unused ports. From the research that I have done, it looks like if I block everything > 1024, I should not interfer with any "normal" network operations(DNS, telnet, SNMP, SMTP, ftp, etc.) What do you guys think????? Also, does anyone the syntax to do such a thing?

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    As long as you are not running any apps on higher ports you should be fine.

    Although some P2P apps and IM progs can have a port specified, so could get around this using lower number ports. Couldn`t you just use a deny everything rule after all your other rules? I`m not sure, I can`t remember the PIX syntax...
    Quis custodiet ipsos custodes

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    the syntax is:

    access-list <acl_name> deny tcp any any gt 1024

    be very careful though. Many applications will legitimately use ports higher than 1024. My advice would be to monitor traffic through the PIX before deciding to use a rule like this. THe best solution would be to look at some type of content filtering solution like Websense. Many of these will allow you block IM traffic based on the database that is updated from the vendor. It is much easier than trying to do it manually. Also, a proxy server for outbound web traffic would allow you to have much greater control over traffic leaving your network because you could restrict all ports on your PIX except the web traffic coming directly from your proxy . Beware though, many IM programs now use HTTP an HTTP transport which can use a proxy. But, that is why I recommend using content filtering.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •