- •Icons Used in This Book
- •Network Security
- •Vulnerabilities
- •Threats
- •Types of Attacks
- •Network Security Policy
- •AVVID and SAFE
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Firewall Technologies
- •Cisco PIX Firewall
- •Foundation Summary
- •The Cisco Secure PIX Firewall
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Overview of the Cisco PIX Firewall
- •Cisco PIX Firewall Models and Features
- •Foundation Summary
- •System Maintenance
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Accessing the Cisco PIX Firewall
- •Installing a New Operating System
- •Upgrading the Cisco PIX OS
- •Creating a Boothelper Diskette Using a Windows PC
- •Auto Update Support
- •Password Recovery
- •Foundation Summary
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •How the PIX Firewall Handles Traffic
- •Address Translation
- •Translation Versus Connection
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Access Modes
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •TurboACL
- •Object Grouping
- •Advanced Protocol Handling
- •Foundation Summary
- •Syslog
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •How Syslog Works
- •How Log Messages Are Organized
- •How to Read System Log Messages
- •Disabling Syslog Messages
- •Foundation Summary
- •Cisco PIX Firewall Failover
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •What Causes a Failover Event
- •What Is Required for a Failover Configuration
- •Failover Monitoring
- •Stateful Failover
- •LAN-Based Failover
- •Foundation Summary
- •Virtual Private Networks
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Overview of VPN Technologies
- •Cisco VPN Client
- •PPPoE Support
- •Foundation Summary
- •Scenario
- •Completed PIX Configurations
- •PIX Device Manager
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •PDM Overview
- •PIX Firewall Requirements to Run PDM
- •Foundation Summary
- •Content Filtering with the Cisco PIX Firewall
- •“Do I Know This Already?” Quiz
- •Filtering Java Applets
- •Filtering ActiveX Objects
- •Filtering URLs
- •Foundation Summary
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Overview of AAA and the Cisco PIX Firewall
- •Cisco Secure Access Control Server (CSACS)
- •Foundation Summary
- •How to Best Use This Chapter
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Specifying Your AAA Servers
- •Troubleshooting Your AAA Setup
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Multimedia Support on the Cisco PIX Firewall
- •Attack Guards
- •PIX Firewall’s Intrusion Detection Feature
- •ip verify reverse-path Command
- •Foundation Summary
- •Answers to the “Do I Know This Already?” Quizzes and Q&A Questions
- •Chapter 1
- •Chapter 2
- •Chapter 3
- •Chapter 4
- •Chapter 5
- •Chapter 6
- •Chapter 7
- •Chapter 8
- •Chapter 9
- •Chapter 10
- •Chapter 11
- •Chapter 12
- •Chapter 13
- •Chapter 14
- •Chapter 15
- •Appendix B
- •What’s Wrong with This Picture?
Foundation Summary 253
Foundation Summary
The filter url command lets you prevent outbound users from accessing World Wide Web URLs that you designate using one of the following URL filtering applications:
•Websense Enterprise web filtering application—Supported by PIX Firewall version 5.3 or later
•Filtering by N2H2 for IFP-Enabled Devices—Supported by PIX Firewall version 6.2
When a user issues an HTTP request to a website, the PIX Firewall sends the request to the web server and to the filtering server at the same time. If the filtering server permits the connection, the PIX Firewall allows the reply from the website to reach the user who issued the original request. If the filtering server denies the connection, the PIX Firewall redirects the user to a block page, indicating that access was denied.
254 Chapter 12: Content Filtering with the Cisco PIX Firewall
Q&A
The questions in this section are designed to ensure your understanding of the concepts discussed in this chapter and adequately prepare you to complete the exam. You should use the simulated exams on the CD to practice for the exam.
The answers to these questions can be found in Appendix A.
1 How does PIX filter Java applets and ActiveX objects?
ABy commenting out the <OBJECT> </OBJECT> or <APPLET> </APPLET> tags in the HTML page.
BBy deleting the <OBJECT> </OBJECT> or <APPLET> </APPLET> tags in the HTML page.
CIt notifies the content filtering server, which in turn disables the ActiveX objects and Java applets.
DPIX does not filter ActiveX objects or Java applets.
2What is the command to designate or identify the filtering server?
A filter url-server
B url-server
C filtering server
D server url
3True or false: Cisco PIX Firewall version 4.4 supports N2H2.
4What is the longest URL filtering that is supported by Cisco PIX Firewall 6.2 with
Websense Enterprise filtering software?
A12 KB
B15 KB
C4 KB
D6 KB
5What is the command to filter URLs?
A filter url
B url-filter
C url-server
D .filter web page
Q&A 255
6 What happens when the only filtering server is unavailable?
AIf the allow option is set, the PIX forwards HTTP traffic without filtering.
BHTTP traffic is dropped, because the filtering server is unavailable.
CHTTP requests are queued until the filtering server is available.
DPIX reverts to the onboard filtering engine to filter HTTP traffic.
7What is the default port used by the N2H2 server to communicate with the Cisco PIX Firewall?
ATCP/UDP 1272
BTCP 5004 only
CTCP/UDP 4005
DUDP 5004 only
8What command identifies Websense servers on a Cisco PIX Firewall?
A websense url filter server_ip
B filter url server_ip vendor n2h2
C url-server [if_name] vendor n2h2 host local_ip
D All of the above
9How many URL servers can be configured on a single Cisco PIX Firewall?
A 5
B 12
C 3
D 16
10What command disables URL caching on the Cisco PIX Firewall?
Ano url-cache
Bcaching-url
Cdisable url-cache
DNone of the above
This chapter covers the following exam topics for the Secure PIX Firewall Advanced Exam (CSPFA 9E0-111):
29.Introduction to AAA
30.Installation of CSACS for Windows NT/2000