|
Posted by Mathieu CHATEAU on December 10, 2007, 5:50 am
Please log in for more thread options
I don't have pix anymore on the hand, but you may use some basic feature to
achieve your goal.
I think you may add basic cisco authentification on the rule that allow
http/https outside. If so, you may use local account on the pix, or use
radius (IAS on the Windows server) to let them authenticate with their
windows account.
As i don't have a pix on hand, and i was used to bigger one, it may not be
possible.
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
> 515E
> Ok, :))), that is problem. If I restrict IE or firefox there is
> possibillity for download on all other ports.
> This 2 people use a same computers like other 10 people in this room
> because we work in 3 shifts and this 2 people work just in 1st shift.
> Now I have restricted IP's on PIX, so I'm finding new solution, but the
> best solution is as I think it is with proxy.
>
> Thnx for advices
>
>
>
>>What is your pix model ? 501 ?
>>
>>You may tweak IE with bad proxy through GPO (and firefox through a custom
>>ADM), but that won't stop bad guys (or people with more knowledge).
>>
>>Does these 2 people have their own personal computers ? If so, you can
>>easily restrict by ip addresses.
| 
XML Sitemap