XSR Firewall Feature Set Functionality

Figure 16-11 Blocked Web Site Screen


URL-W tells the XSR to search for the requested URL in the URL white list, which restricts Web surfing to URLs matching the URL list. If a user tries to surf to a Web site not on the URL list, he will be presented with a blocked page similar to that shown above. If the XSR’s optional redirect URL is configured (refer to the following section for details), then the user’s Web client will be re-directed to fetch the configured redirect URL page. If a white URL list is not loaded, no HTTP access is permitted for traffic set by the policy.

Caution: You must include the re-direct URL in the white URL list when a redirect URL is used with a white list; otherwise the XSR will enter an endless loop with the Web browser, performing re-direction to the same re-directed URL because it is not in the list.

URL filtering on black and white lists, respectively, can be configured as part of your firewall policy as follows:

XSR(config)#ip firewall policy Block_URL studentNet ANY_EXTERNAL HTTP URL-B allow
XSR(config)#ip firewall policy RestrictURL storeNet ANY_EXTERNAL HTTP URL-W allow

Configuring URL Redirection

You can configure a redirect URL with the ip firewall redirectURL redirect_url_string command. The redirect_url_string must uniquely identify the URL of the desired Web page to display and may total up to 63 characters. For example:

XSR(config)#ip firewall redirectURL www.ACME_INC.com/index.html

Note: The ip firewall redirectURL command takes effect immediately.
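The following added example (not taken from the XSR guide or from Enterasys code) models the URL-W decision and the redirect loop described in the Caution above, and checks a redirect URL against the 63-character limit before deployment. It assumes exact, case-insensitive URL matching, which this page does not specify; the white-list entries and function names are constructed for illustration.

```python
# Added example: simplified model of URL-W filtering with a redirect URL.
# Assumption: a URL "matches" the list on exact, case-insensitive equality.
MAX_REDIRECT_LEN = 63  # limit stated for redirect_url_string

# Constructed sample data; REDIRECT is the URL used in the guide's example.
WHITE_LIST = ["www.example.edu/library", "www.example.edu/courses"]
REDIRECT = "www.ACME_INC.com/index.html"


def filter_request(url, white_list, redirect_url=None):
    """Return ('allow', url), ('redirect', target) or ('block', None)."""
    allowed = {u.lower() for u in white_list}
    if url.lower() in allowed:
        return ("allow", url)
    if redirect_url:
        return ("redirect", redirect_url)
    return ("block", None)  # also covers "no white list loaded"


def browse(url, white_list, redirect_url=None, max_hops=5):
    """Follow redirects as a Web client would; report 'loop' if hops run out."""
    trail = [url]
    for _ in range(max_hops):
        action, target = filter_request(trail[-1], white_list, redirect_url)
        if action != "redirect":
            return action, trail
        trail.append(target)
    return "loop", trail


def check_config(white_list, redirect_url):
    """Pre-deployment checks for a URL-W policy that uses a redirect URL."""
    problems = []
    if len(redirect_url) > MAX_REDIRECT_LEN:
        problems.append("redirect URL exceeds 63 characters")
    if redirect_url.lower() not in {u.lower() for u in white_list}:
        problems.append("redirect URL missing from white list (redirect loop)")
    return problems


if __name__ == "__main__":
    print(browse("www.games.example/", WHITE_LIST, REDIRECT))
    print(check_config(WHITE_LIST, REDIRECT))
    print(browse("www.games.example/", WHITE_LIST + [REDIRECT], REDIRECT))
```
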

Denial of Service (DoS) Attack Protection

The firewall provides security for internal hosts against a common set of DoS attacks when the firewall is enabled (globally and per interface). The firewall also uses the XSR’s HostDoS feature to perform anti-spoofing: it enforces hostDoS check-spoof for any firewall-enabled interface regardless of the hostDoS check-spoof setting. Check-spoofing is performed by validating the source IP address

XSR User’s Guide 16-15

Enterasys Networks X-PeditionTM manual Denial of Service DoS Attack Protection, Configuring URL Redirection