Cisco Firewall :: How To Block Websites Using Local Content Filtering On A 876 Router
Nov 3, 2012
I found an interesting manual at this forum for blocking websites whits local content filtering. After I've modified the variables to get more details, I stopped at on question. My current Problem is "zone-pair.
zone security Z-SECRUTIY-SOURCE
zone security Z-SECRUTIY-DESTINATION
zone-pair security ZP-SECURITY source Z-SECRUTIY-SOURCE destination Z-SECRUTIY-DESTINATION
service-policy type inspect CM-INSPECT-TRAFFIC
I have a Cisco SR-520 router which I am trying to configure and install the IOS content filter. I have read many of the documents on this but some of the lines do not work, from using the pages belowURL you are supposed to enter parameter maps as follows:-
parameter-map type trend-global global-param-map server trps.trendmicro.com cache-size maximum-memory 256 cache-entry-lifetime 1
The router has 12.4 (20) T4, which is supposed to be supported, the only other way of configuring is using CCP which is not compatible with SR-520's you recieve hardware not supported message's.
I know the 5510 & 5520s support the CSC-SSM module for Content Filtering (Anti-Phishing, Anti Spam, URL filtering, Anti-Spyware & Antivirus), but what about content filtering for the ASA5525-K9.The problem that I have is that I need a firewall that supports up to 1 Gbps Maximum Firewall Throughput and to support 250 users with Content Filtering described above.I'm using the following doc for sizing and came across the ASA5525-K9 for 1 Gbps, but not sure about the Content filtering: url...
I have IOS content filtering using the Trend Micro subscription service working on a 2911 running 15.1.(3)T3 with the security license option and a 30 day demo Trend subscription. Once I figured out that the content filtering for Trend appears to be completely broken in 15.2 (even using docs for 15.2) I went back to 15.1 and it works great.
Everything seems great so far except I would like to have a more 'fancy' or custom blocked page where a user can have a couple links to either go to the trend micro reporting page [URL] or some other page, and maybe some branding so they know the page is coming from our network and is not some fake security thing or phishing attempt or whatever.
I know I can use the 'parameter-map type urlf policy trend ' section to do a tiny bit of customization of the text that appears on the default blocked page display and there is an option for it to go to a simple redirect instead ('block-page redirect -url') but how to do more with either the built in page or the redirect- url to keep the information of what page the user was trying to access and why it was blocked (category etc.) while adding more features.
Oh, one last thing, this doesn't support any kind of 'user override' or anything like that does it? So that a network can have a filter applied but an admin could override the filtering to allow temporary access to something?
I face a strange bahavior with my rv220w router : I set up access rules to deny all outbound trafic for a particular IP range. It seems to work fine .... but when I enable content filtering, HTTP access on port 80 works again (and other ports are denied). It seems that activating content filtering makes the router ignore firewall rule.
I'm working withbusiness set up a remote office, currently with about 45 PC's that could grow in the future. They are looking at a RV042G or (for long term future growth) a ISA570.They want to be able to do content filtering by category, ie restrict gambling, drugs, etc. sites rather than by URL or addresses.Is either the RV042G or the ISA570 capable of doing this?Are both routers to be available long term? ie, they are not on any end-of lists? I've looked and did not see them on any.Is the RV042G capable of handling an office even starting with 45 PC's? If not, is the 570 a good fit?
I have two devices: One is a Linksys WRG54G router. The other is a PC running the Smoothwall router software with URL filtering. Either would work fine on its own as a router. I'm wanting to use them both, though, because each offers different features.Right now, the Linksys router is connected to the WAN and is my DHCP server. Its IP is 192.168.0.1. The Smoothwall box has a static IP of 192.168.0.2. I want all web traffic to go through Smoothwall (192.168.0.2) because it offers good web filtering.
I know I could use Smoothwall as my router and rid of the Linksys, but the whole idea behind this is to use the QoS and other features that Linksys firmwares offer (such as Tomato or DD-WRT), but still keep the ability to filter URLs.
I'm looking for a content filtering/antivirus/antispyware appliance for my company. Right now we have an ASA 5505 at the edge. We have several outside employees connecting via Cisco VPN clients to the ASA. I need an appliance that can do content filtering for my inside network, guest network, and VPN users. That's two local VLANs and a VPN pool which are all terminated at the ASA.
I've had good luck with Cymphonix in the past, but their boxes are a bit steep for the amount of throughput I need. We'll probably be moving from a 15/15 fiber connection to 80/10 cable soon since our provider can't seem to keep us online; even with an alleged "100%" SLA. They just don't have a network capable of anything close to 100% uptime, plain and simple.
I'd like to keep the ASA running as our firewall and VPN server, so the device needs to be able to do content filtering/av/as in a transparent mode.
We have just buy a Cisco Small Business Router, model RV082. I need to enable the content filtering, but we just realized that this equipment does not filter HTTPS urls, even with the solution "Cisco ProtectLink Web" the equipment does not filter HTTPS urls.
For example, if I type on my browser just [URL], the access blocked, but if I type HTTPS:[URL], the access is allowed!Is there any way to block urls with HTTPS?
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error: [code]
1. I'm interested if it's possible to block certain contetn only at certain time ? e.g. We would like to block facebook from 7:00 to 10:00 and from 11:00 to 15:00. I was going through cisco manuals but can't find the right answer to this.
2. Cisco 871 has 4 LAN interfaces and one WAN interface. Currently WAN interface is connected to adsl modem in bridge mode and LAN 0 interface is connected to switch.
I'm interested if I could use remaining 3 LAN interfaces for adsl connections same as I'm using WAN interface. Then I would create vlans that would use LAN interface 0. Each of those VLAN's would use different adsl connection.I would assign different IP to each VLAN's so users would be able to change their gateway and use different ADSL connection.
I went through all discussions regarding how to block access to some web sites. And I was trying to implement them but it didn't work. I've used 887G-3G-K9 router and UC540, and I'm not sure if it's possible to do that on them or I need to get a license for that or to buy ASA. How can I check that URL blocking is available feature on those devices?
I've used 2 methods:
2) class-map and policy-map
class-map match-any http match protocol http url "*facebook.com*" match protocol http url "*www.facebook.com*"
I am asked to implement the security in campus Network. i.e. In this network we want to block some websites, We don't want to use any 3rd party software or proxy server and content filtering module to block theset.my router IOS is advance securityk9 How to block the website in a Cisco 2600 series router by using the command. What is the access list we need to use to block.Assume we want to restrict,
Here we are using Cisco 2600 series router and 2900 series switch. In router we are using the2Mb lease line link
In my office there is 2 desktops which is networked. one is in the office and the other in my room. internet connection is also there, the modem is kept in my room. but one of my cousin is there in my house and he has a laptop, the internet for his lap is taken from my modem. and now i have noticed that my cousin is visiting adult content sites and i want to block him ? is there any way. why the history he uses is being shown in my browsers history ?
I managed to block as much of the streaming video (using URL Blocks of .flv, .wmv, etc...) how do I block YouTube.com for 23 hours of the day (or allow access for 1 hour a day)...but maintaining all the other blocks intact 24 hours a day?
Also is there a way to block p2p file sharing (BitTorrent)?
I have a home network that consists of two routers. First I have my cable modem that is connected to an Apple Airport Extreme Base Station. I tend to use that as the 'n' network for my computers so any devices using n networking connect to that.I then have a cable that goes from my Apple Airport Extreme Base Station to a Linksys E3000 router. I tend to use that as my g router and connect many devices that only have g wi-fi to it.Here is the problem:Because of a couple children that have iPod Touches and Macbooks I like to have them connect to the E3000 since it has great website blocking. I wish the Apple Base Station had website blocking but as far as I see it doesn't. Also, this website blocking has worked great since I installed the router but here is the problem. They frequently have to print items and they're unable to print since it won't find the printer.
The printer that I have is connected by Ethernet cable to the Apple Base Station It appears I have two ways of connecting the E3000 router to my Base Station. The way I currently have it connected is the E3000 is connected to the Apple router through the Internet port on the back. By doing this I get full internet and website blocking but I am unable to print through it. Yet if I connect it to the Apple router through one of it's numbered (1-4) ports, I still get internet, I'm able to print, but yet the website blocking does not work.Since the Apple base station doesn't have website blocking as far as I know the only way I can think of getting around this is to replace my Apple Base Station with another E3000 but I don't want to do this unless I have to.
I recently purchased an E-2500, but notice that in parental controls I can only block 6 or 8 websites. In my WRT54GS I could just create additional rules and they would work. But in this device I am limited on the sites that can be blocked per device. How I can block additional sites?
I have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones ? Are there any free solutions available ? What exactly is N2H2 ? The reason is I don 't want to increase the CPU utilization of ASA by implementing URL filtering within the device. If I have around 30 nodes which connects to the internet via a 2Mbps line through ASA 5505 and if I want to block around say 10 or 15 URLs , will it increase CU utilization beyond permissible limits ? Currently the CPU Utilization is around 10 - 15 . Here's the infrastructure setup .