
drumrb0y asked in Computers & Internet > Security · 1 decade ago

Cisco PIX: Access-list blocking by domain name vs. IP?

This is a simple one, so I'm hoping for a quick reply.

I currently block malicious domains by manually resolving them and blocking the IP address on the inside (outbound) access-list in the PIX 535; is it possible to configure an access-list to auto-resolve DNS and block by domain name, or would this be too slow of a process for an access-list to accomplish?

Thanks

2 Answers

  • Anonymous
    1 decade ago
    Favorite Answer

    This cannot be done on the PIX via an ACL. You would need some sort of third-party server for the resolution and updates.

  • ritzer
    Lv 4
    5 years ago

    The ACL seems effective to me; are you confident it truly is the placement? Are your NATs set up properly, as an instance? Or is there an ACL on the outdoors interface perhaps? Or a default route lacking probably? The ACL as you've presented it kind of feels effective to me.
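
The first answer places name resolution on a separate server rather than on the PIX. As an added example (not from the original thread), this Python script plays that role: it re-resolves each blocked domain and emits the PIX configuration lines needed to bring the ACL in line with current DNS answers. The ACL name `inside_out` and the sample domains and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

ACL_NAME = "inside_out"  # assumed name of the ACL applied to the inside interface
# Answers in these ranges never become deny entries, so a sinkholed or
# poisoned record cannot make the firewall block internal hosts.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample answers (documentation ranges) for an offline run.
SAMPLE_ANSWERS = {"bad.example": {"192.0.2.10", "198.51.100.7"},
                  "sinkholed.example": {"127.0.0.1"}}


def resolve_ipv4(domain):
    """Return current IPv4 answers for domain, or None if the lookup failed."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None  # includes NXDOMAIN and resolver timeouts
    return {info[4][0] for info in infos}


def build_update(domains, previous_ips, resolver=resolve_ipv4, acl=ACL_NAME):
    """Diff fresh answers against the addresses pushed last run.

    Returns (commands, current_ips); commands are PIX configuration lines.
    """
    current, complete = set(), True
    for domain in domains:
        answers = resolver(domain)
        if answers is None:
            complete = False  # failed lookup: do not age out old entries
            continue
        for ip in answers:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in NEVER_BLOCK):
                current.add(ip)
    if not complete:
        current |= previous_ips
    order = lambda ip: int(ipaddress.ip_address(ip))
    # Stale entries first, then addresses seen for the first time.
    commands = [f"no access-list {acl} deny ip any host {ip}"
                for ip in sorted(previous_ips - current, key=order)]
    commands += [f"access-list {acl} deny ip any host {ip}"
                 for ip in sorted(current - previous_ips, key=order)]
    return commands, current


if __name__ == "__main__":
    cmds, _ = build_update(SAMPLE_ANSWERS, {"203.0.113.5"}, resolver=SAMPLE_ANSWERS.get)
    print("\n".join(cmds))
```

ACL entries are matched in order, so the generated deny lines only take effect if they sit above any broader permit entry. An address shared by many sites (CDN or shared hosting) blocks all of them, which is the main cost of blocking by resolved IP.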
