Norton Internet Security - 80 and 8002

[robrichardson]

Hi there

I have Norton Internet Security running as a proxy server and would like all users to be forced to use this, I know I could force it in GPOs but for some users this is not possible. It is possible to go into the settings of IE and unclick use proxy server and check Automatically detect which bypasses the proxy server.

For the majority of users I would like to deny all traffic on port 80 and force them to use 8002 (nortons port) however for a couple of IP addresses I would still like them to use port 80 (ie. the existing config remains based on IP address). I've pasted the relevant config from the pix, could somebody advise on how I would change this to achieve the above:

fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol smtp 25
global (outside) 1 63.x.x.1
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 63.x.x.2 1

Will there be any direct results on functions like ftp, https etc?

 

[baddos]

You'll need to look at Policy Based Routing (PBR) on Cisco Routers. You can't do it on the PIX currently, but any Cisco IOS router can.