- Enterasys Security Router User's Guide

XSR Firewall Feature Set Functionality
Figure 16-11 Blocked Web Site Screen
You must include the re-direct URL in the white URL list when redirect URL is used with a white
list, otherwise the XSR will enter an endless loop with the Web browser, performing re-direction
to the same re-directed URL because it is not in the list.
URL-W tells the XSR to search for the requested URL in the URL white list, which restricts Web
surfing to URLs matching the URL list. If a user tries to surf a Web site not on the URL list, he will
be presented with a blocked page similar to that shown above. If the XSR’s optional redirect URL is
configured (refer to the following section for details), then the user’s Web client will be re-directed
to fetch the configured redirect URL page. If a white URL list is not loaded, no HTTP access is
permitted for traffic set by the policy.
URL filtering on black and white lists, respectively, can be configured as part of your firewall
policy as follows:
XSR(config)#ip firewall policy Block_URL studentNet ANY_EXTERNAL HTTP URL-B allow
XSR(config)#ip firewall policy RestrictURL storeNet ANY_EXTERNAL HTTP URL-W allow
Configuring URL Redirection
You can configure a redirect URL with the ip firewall redirectURL redirect_url_string
command. The redirect_url_string must uniquely identify the URL of the desired Web page to
display and may total up to 63 characters. For example:
XSR(config)#ip firewall redirectURL www.ACME_INC.com/index.html
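The white-list and redirect interaction described above, modelled as an added Python example (not Enterasys code and not XSR output). The matching rule, the sample white-list entries and the hop cap are assumptions; the redirect URL and the 63-character limit are taken from this guide.

```python
# Added example: models the URL-W / redirectURL interaction from this guide.
# Assumptions (not documented XSR behaviour): case-insensitive exact matching
# with the scheme ignored, and a hop cap so the simulation terminates.
MAX_REDIRECT_LEN = 63  # limit stated in the guide
MAX_HOPS = 10          # constructed cap standing in for the "endless" loop


def normalize(url):
    """Lowercase, drop scheme and trailing slash (assumed matching rule)."""
    url = url.strip().lower()
    for scheme in ("http://", "https://"):
        if url.startswith(scheme):
            url = url[len(scheme):]
    return url.rstrip("/")


def filter_request(url, white_list, redirect_url=None):
    """One URL-W decision: 'allow', 'block', or ('redirect', target)."""
    if not white_list:  # no white list loaded: no HTTP access is permitted
        return "block"
    if normalize(url) in {normalize(u) for u in white_list}:
        return "allow"
    return ("redirect", redirect_url) if redirect_url else "block"


def browse(url, white_list, redirect_url=None):
    """Follow redirects as a Web client would; return (url, outcome) per hop."""
    trace = []
    for _ in range(MAX_HOPS):
        verdict = filter_request(url, white_list, redirect_url)
        if isinstance(verdict, str):
            trace.append((url, verdict))
            return trace
        trace.append((url, "redirect"))
        url = verdict[1]
    trace.append((url, "loop"))  # still being redirected after MAX_HOPS
    return trace


def lint(white_list, redirect_url):
    """Return configuration problems to fix before applying the policy."""
    problems = []
    if len(redirect_url) > MAX_REDIRECT_LEN:
        problems.append("redirect URL longer than 63 characters")
    listed = {normalize(u) for u in white_list}
    if white_list and normalize(redirect_url) not in listed:
        problems.append("redirect URL missing from white list (redirect loop)")
    return problems
```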
Denial of Service (DoS) Attack Protection
The firewall provides security for internal hosts against a common set of DoS attacks when it is
enabled (globally and per interface). The firewall also uses the XSR’s HostDoS feature to perform
anti-spoofing: it enforces hostDoS check-spoof for any firewall-enabled interface regardless of the
hostDoS check-spoof setting. Check-spoofing is performed by validating the source IP address
Note: The ip firewall redirectURL command takes effect immediately.