Foundation Summary 253
Foundation Summary
The filter url command lets you prevent outbound users from accessing World Wide Web URLs that you designate using one of the following URL filtering applications:
•Websense Enterprise web filtering application—Supported by PIX Firewall version 5.3 or later
•Filtering by N2H2 for IFP-Enabled Devices—Supported by PIX Firewall version 6.2
When a user issues an HTTP request to a website, the PIX Firewall sends the request to the web server and to the filtering server at the same time. If the filtering server permits the connection, the PIX Firewall allows the reply from the website to reach the user who issued the original request. If the filtering server denies the connection, the PIX Firewall redirects the user to a block page, indicating that access was denied.
254 Chapter 12: Content Filtering with the Cisco PIX Firewall
Q&A
The questions in this section are designed to ensure your understanding of the concepts discussed in this chapter and adequately prepare you to complete the exam. You should use the simulated exams on the CD to practice for the exam.
The answers to these questions can be found in Appendix A.
1 How does PIX filter Java applets and ActiveX objects?
ABy commenting out the <OBJECT> </OBJECT> or <APPLET> </APPLET> tags in the HTML page.
BBy deleting the <OBJECT> </OBJECT> or <APPLET> </APPLET> tags in the HTML page.
CIt notifies the content filtering server, which in turn disables the ActiveX objects and Java applets.
DPIX does not filter ActiveX objects or Java applets.
2What is the command to designate or identify the filtering server?
A filter url-server
B url-server
C filtering server
D server url
3True or false: Cisco PIX Firewall version 4.4 supports N2H2.
4What is the longest URL filtering that is supported by Cisco PIX Firewall 6.2 with
Websense Enterprise filtering software?
A12 KB
B15 KB
C4 KB
D6 KB
5What is the command to filter URLs?
A filter url
B url-filter
C url-server
D .filter web page
Q&A 255
6 What happens when the only filtering server is unavailable?
AIf the allow option is set, the PIX forwards HTTP traffic without filtering.
BHTTP traffic is dropped, because the filtering server is unavailable.
CHTTP requests are queued until the filtering server is available.
DPIX reverts to the onboard filtering engine to filter HTTP traffic.
7What is the default port used by the N2H2 server to communicate with the Cisco PIX Firewall?
ATCP/UDP 1272
BTCP 5004 only
CTCP/UDP 4005
DUDP 5004 only
8What command identifies Websense servers on a Cisco PIX Firewall?
A websense url filter server_ip
B filter url server_ip vendor n2h2
C url-server [if_name] vendor n2h2 host local_ip
D All of the above
9How many URL servers can be configured on a single Cisco PIX Firewall?
A 5
B 12
C 3
D 16
10What command disables URL caching on the Cisco PIX Firewall?
Ano url-cache
Bcaching-url
Cdisable url-cache
DNone of the above
This chapter covers the following exam topics for the Secure PIX Firewall Advanced Exam (CSPFA 9E0-111):
29.Introduction to AAA
30.Installation of CSACS for Windows NT/2000