Firewall Wizards mailing list archives
Re: Blocking Video/Audio Streaming
From: "Horvath, Kevin M." <KEVIN.M.HORVATH () saic com>
Date: Wed, 24 May 2006 09:28:52 -0400
The PIX is not just a packet filter only. It is a stateful firewall which keeps track of sessions, not just source and destination. Just source and destination would be an example of a router access list.

If you want to do content filtering then look at the fixup command, which will interrogate the actual packets themselves for certain protocols when enabled. Try fixup protocol http and fixup protocol rtsp 80. If the fixup on rtsp doesn't work, which it should, then the fixup on http when enabled will allow you to filter URLs once you track them down (more tedious but doable).

Also, if you have the resources, invest in a reverse proxy. If you have a big user community you are shooting yourself in the foot not having one.

Enjoy.

Kevin

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com on behalf of Mathew Want
Sent: Tue 5/23/2006 7:30 PM
To: 'Firewall Wizards Security Mailing List'
Subject: Re: [fw-wiz] Blocking Video/Audio Streaming

Hi.

PIX can't, as far as I know, as it is a packet filter only. It makes its decision based on source and destination, not content, as it has (or at least had) no application layer gateway (ALG) inspection ability.

If you want to control content like that you probably want to look at a proxy server/firewall or content filter that is able to see if the traffic is in fact HTTP or !HTTP and allow or deny based on this.

My best guess anyway......

Mat

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of R. Rocky
Sent: Tuesday, 23 May 2006 9:31 AM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Blocking Video/Audio Streaming

Hi List,

Many of the streaming video/audio services use HTTP port 80 as transport. Is it possible to block this type of traffic on Cisco PIX/IOS FW? A sample config will really help me. MMS and RTSP ports are already closed but I am still getting large traffic through HTTP port 80.

Thanks.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
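Added example, not part of the original thread or any poster's code: one way to "track down" the URLs carrying streaming media over port 80 once traffic passes through a proxy, by totalling bytes per destination host for media content types. It assumes the proxy writes Squid native access.log lines; the log lines, host names and the list of MIME types are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: MIME prefixes treated as streaming media; extend for your environment.
STREAMING_TYPES = ("video/", "audio/", "application/vnd.rn-realmedia",
                   "application/x-mms-framed")

# Constructed sample lines in Squid native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer content-type
SAMPLE_LOG = """\
1148477332.101 90210 10.0.0.5 TCP_MISS/200 5242880 GET http://media.example.com/live/news.asf - DIRECT/192.0.2.10 video/x-ms-asf
1148477340.412 120 10.0.0.7 TCP_MISS/200 18230 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1148477351.007 60544 10.0.0.5 TCP_MISS/200 3145728 GET http://radio.example.net/stream.mp3 - DIRECT/192.0.2.30 audio/mpeg
1148477360.950 45100 10.0.0.9 TCP_MISS/200 2097152 GET http://media.example.com/clips/a.wmv - DIRECT/192.0.2.10 video/x-ms-wmv
malformed line that should be skipped
"""

def streaming_by_host(log_text):
    """Return [(host, total_bytes, sorted clients)] for media responses, largest first."""
    totals = defaultdict(int)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        # Skip anything that does not look like a complete access.log record.
        if len(fields) < 10 or not fields[4].isdigit():
            continue
        client, size, url, ctype = fields[2], int(fields[4]), fields[6], fields[9].lower()
        if not ctype.startswith(STREAMING_TYPES):
            continue
        host = urlsplit(url).hostname
        if host is None:
            continue  # e.g. CONNECT host:port entries carry no scheme
        totals[host] += size
        clients[host].add(client)
    return sorted(((h, b, sorted(clients[h])) for h, b in totals.items()),
                  key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for host, total, who in streaming_by_host(SAMPLE_LOG):
        print(f"{host:25} {total:>10} bytes  clients={','.join(who)}")
```

The resulting host list is the candidate set for URL filtering or proxy deny rules; responses served with a generic content type will not be caught by this check.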