The closest thing to ensuring that all is good in the packet is the 'fixup protocol http' command.
Though this is limited and addresses issues like: URL logging of GET messages URL screening through N2H2 or Websense Java and ActiveX filtering These functions are for inside requests from the (O)utside of a PIX. Nothing on HTTPS either. So, I'd say no, or unless there is a revision that does support it that I don't know about. Maybe wait until a revision of the software becomes available that does deep packet inspection (DPI) as I believe all firewall vendors are moving this way. So, ISA behind a Pix for you then! K -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: 22 July 2004 15:09 To: Exchange Discussions Subject: RE: DMZ ports for Front End Server 515; 6.3(1) ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: knighTslayer [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 22, 2004 7:02 AM > To: Exchange Discussions > Subject: RE: DMZ ports for Front End Server > > PIX model and IOS ver? > > Thanks > > K > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charlie Kaiser > Sent: 22 July 2004 14:41 > To: Exchange Discussions > Subject: RE: DMZ ports for Front End Server > > I'm not a firewall guy, so excuse me if this sounds ignorant. > :-) Will a PIX > do this? I'm wondering if we can use our current PIX to do this or if > I need to put in ISA if I plan to go this route when we do our > upcoming E2K3 migration. > Any documentation pointers would be wonderful... > Thanks! > > ********************** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > > > > I'm pretty sure that this box can do this, only way to find > out is to > > give > > it a go. It should be documented. > > > > It is of my opinion that if you have a decent firewall and you are > > publishing services such as SMTP, FTP, HTTP, HTTPS or anything tcp > > based, then you should always use the proxy function on the > firewall. > > Depending on the firewall, it will protect against protocol attacks > > and more. > > > > ISA is a solution, but it adds an extra box to the topology, its > > another machine to patch, maintain, license, power, air > condition etc. > > etc... > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang > =english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
