Cisco Firewall :: IOS Content Filtering On SR-520 Router
May 17, 2010
I have a Cisco SR-520 router which I am trying to configure and install the IOS content filter. I have read many of the documents on this but some of the lines do not work, from using the pages below URL
you are supposed to enter parameter maps as follows:-
parameter-map type trend-global global-param-map
cache-size maximum-memory 256
The router has 12.4 (20) T4, which is supposed to be supported. The only other way of configuring is using CCP, which is not compatible with SR-520s; you receive "hardware not supported" messages.
I found an interesting manual at this forum for blocking websites with local content filtering. After I've modified the variables to get more details, I stopped at one question. My current problem is "zone-pair".
zone security Z-SECRUTIY-SOURCE
zone security Z-SECRUTIY-DESTINATION
zone-pair security ZP-SECURITY source Z-SECRUTIY-SOURCE destination Z-SECRUTIY-DESTINATION
 service-policy type inspect CM-INSPECT-TRAFFIC
I know the 5510 & 5520s support the CSC-SSM module for Content Filtering (Anti-Phishing, Anti Spam, URL filtering, Anti-Spyware & Antivirus), but what about content filtering for the ASA5525-K9? The problem that I have is that I need a firewall that supports up to 1 Gbps Maximum Firewall Throughput and to support 250 users with Content Filtering described above. I'm using the following doc for sizing and came across the ASA5525-K9 for 1 Gbps, but not sure about the Content filtering: url...
I have IOS content filtering using the Trend Micro subscription service working on a 2911 running 15.1.(3)T3 with the security license option and a 30 day demo Trend subscription. Once I figured out that the content filtering for Trend appears to be completely broken in 15.2 (even using docs for 15.2) I went back to 15.1 and it works great.
Everything seems great so far except I would like to have a more 'fancy' or custom blocked page where a user can have a couple links to either go to the trend micro reporting page [URL] or some other page, and maybe some branding so they know the page is coming from our network and is not some fake security thing or phishing attempt or whatever.
I know I can use the 'parameter-map type urlfpolicy trend' section to do a tiny bit of customization of the text that appears on the default blocked page display and there is an option for it to go to a simple redirect instead ('block-page redirect-url') but how to do more with either the built in page or the redirect-url to keep the information of what page the user was trying to access and why it was blocked (category etc.) while adding more features.
Oh, one last thing, this doesn't support any kind of 'user override' or anything like that does it? So that a network can have a filter applied but an admin could override the filtering to allow temporary access to something?
I face a strange behavior with my rv220w router: I set up access rules to deny all outbound traffic for a particular IP range. It seems to work fine... but when I enable content filtering, HTTP access on port 80 works again (and other ports are denied). It seems that activating content filtering makes the router ignore the firewall rule.
I'm working with a business to set up a remote office, currently with about 45 PCs that could grow in the future. They are looking at a RV042G or (for long term future growth) a ISA570. They want to be able to do content filtering by category, i.e. restrict gambling, drugs, etc. sites rather than by URL or addresses. Is either the RV042G or the ISA570 capable of doing this? Are both routers to be available long term? i.e., they are not on any end-of lists? I've looked and did not see them on any. Is the RV042G capable of handling an office even starting with 45 PCs? If not, is the 570 a good fit?
I have two devices: One is a Linksys WRG54G router. The other is a PC running the Smoothwall router software with URL filtering. Either would work fine on its own as a router. I'm wanting to use them both, though, because each offers different features. Right now, the Linksys router is connected to the WAN and is my DHCP server. Its IP is 192.168.0.1. The Smoothwall box has a static IP of 192.168.0.2. I want all web traffic to go through Smoothwall (192.168.0.2) because it offers good web filtering.
I know I could use Smoothwall as my router and get rid of the Linksys, but the whole idea behind this is to use the QoS and other features that Linksys firmwares offer (such as Tomato or DD-WRT), but still keep the ability to filter URLs.
I'm looking for a content filtering/antivirus/antispyware appliance for my company. Right now we have an ASA 5505 at the edge. We have several outside employees connecting via Cisco VPN clients to the ASA. I need an appliance that can do content filtering for my inside network, guest network, and VPN users. That's two local VLANs and a VPN pool which are all terminated at the ASA.
I've had good luck with Cymphonix in the past, but their boxes are a bit steep for the amount of throughput I need. We'll probably be moving from a 15/15 fiber connection to 80/10 cable soon since our provider can't seem to keep us online; even with an alleged "100%" SLA. They just don't have a network capable of anything close to 100% uptime, plain and simple.
I'd like to keep the ASA running as our firewall and VPN server, so the device needs to be able to do content filtering/av/as in a transparent mode.
We have just bought a Cisco Small Business Router, model RV082. I need to enable the content filtering, but we just realized that this equipment does not filter HTTPS URLs; even with the solution "Cisco ProtectLink Web" the equipment does not filter HTTPS URLs.
For example, if I type on my browser just [URL], the access is blocked, but if I type HTTPS:[URL], the access is allowed! Is there any way to block URLs with HTTPS?
1. I'm interested if it's possible to block certain content only at certain times? E.g. we would like to block facebook from 7:00 to 10:00 and from 11:00 to 15:00. I was going through Cisco manuals but can't find the right answer to this.
2. Cisco 871 has 4 LAN interfaces and one WAN interface. Currently WAN interface is connected to adsl modem in bridge mode and LAN 0 interface is connected to switch.
I'm interested if I could use the remaining 3 LAN interfaces for ADSL connections same as I'm using the WAN interface. Then I would create VLANs that would use LAN interface 0. Each of those VLANs would use a different ADSL connection. I would assign a different IP to each VLAN so users would be able to change their gateway and use a different ADSL connection.
I have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones? Are there any free solutions available? What exactly is N2H2? The reason is I don't want to increase the CPU utilization of the ASA by implementing URL filtering within the device. If I have around 30 nodes which connect to the internet via a 2Mbps line through the ASA 5505 and if I want to block around say 10 or 15 URLs, will it increase CPU utilization beyond permissible limits? Currently the CPU utilization is around 10 - 15. Here's the infrastructure setup.
I have Zone Based Firewall running on a 2821 router and would like to configure URL filtering with Websense. IOS running on that device is c2800nm-adverterprisek9-mz.150-1.M7.bin. Once you have a ZBF config you can't configure URL filtering the classic way (ip inspect); this has to be done using class and policy maps. For this to happen it is required to have the match protocol http command under the class map; it won't work using the match access-group command.[code]
Once I put in the match protocol http command browsing becomes dead slow; also, without using the match protocol command I can't continue to configure URL filtering. Is this a problem related to IOS where the match protocol command isn't working fine? I have checked CPU utilization of the router and it was roughly near 7 percent.
We want to have an ASA5510 with both IPS function and Content Security feature. When I checked on the Cisco website, it looks like the ASA5510 or 5520 only have one SSM slot, so I can only use either the AIP module or the CSC module. Does it mean I cannot get both features at the same time?
Right now I want to have IPS function and anti-spam, anti-virus, antiphishing, content filtering, URL blocking and such features, so what do I need to buy to have all of these functions in one device?
Is it possible to have Content Security and Control Security in an ASA 5585-X? I'm asking because the CSC-SSM is only supported in ASA 5540, 5520 and 5510 and I don't know how this feature can be supported on a new ASA 5585-X.
Our requirement with that appliance is to do URL blocking and filtering. Are there any other options we can consider or is it SaaS only? Would have preferred Trend Micro, but don't think this is possible with this appliance. Will content security be offered on the Cisco ASA 5500-X Series? At this time, content security services are not supported on the Cisco ASA 5500-X Series appliances. However, the ASA 5500-X Series is Cisco Cloud Web Security ready. Cisco Cloud Web Security provides content security as a cloud-based software as a service (SaaS).
###
Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(2)
Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
###
The question is what do I need to add the CSC10 SSM with content filtering and URL filtering to this version of ASA? Do I need more RAM? Do I need more flash? Is this version compatible with the CSCSSM hardware? What licenses do I need for 100 users?
I need some clarification regarding the ASA firewall: can it support bandwidth management and content security at the same time? We are looking for the below features in the ASA5510.
IP/Policy based bandwidth management. Control the bandwidth and allocate the bandwidth to specified users or servers. Content Security. If not, which device do I need to set up for Internet Bandwidth Management and content security?
I run a website for a local football team using Serif Webplus X6. On uploading the weekly updates of the site the process seems ok for a few minutes with progress bars showing uploading of files but then it all stops and I have to reset my wireless network adaptor 1703 and it continues but I can't just leave it to work on its own. Device manager says that the drivers are up to date but I'm fed up with having to nurse the adaptor. This didn't happen with previous computers.
I have to upgrade to an ASA 5510 CSC, and the new license is generated, the file you sent me licensing, only seen this: Activation Code not required for this renewal. Please go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date (BASE: 09/04/2014, PLUS: 09/04/2014). This means that what I have not make any upgrades or license charge in the ASA? Is the automatic update made?
I've been trying to configure Websense urlfiltering using the ZFW feature on my Cisco 881G router. The router is running on IOS 15.0(1)M with Advanced IP Services. And I have confirmed it supports the urlfilter feature.
This is what I tried to accomplish but IOS version 15.0x seems to have a different command set.

-----------------------
class-map type inspect httptraffic
 match protocol http
parameter-map type urlfilter param
 server vendor websense 10.20.30.40
[Code]...
Could URL Filtering be implemented on Cisco ASA 5505-BUN-k9? I mean to block certain websites, like facebook, youtube, to block certain download files like .exe, .com, .bat etc. Is there any extra license needed for this, or could it be done with the simple IOS ASA5505-bun-k9?
I have a problem configuring URL filtering on ASA 5505 rel 8.3.1: I have to block the web navigation to facebook and, with my configuration, it works fine. The problem is when I try to access other sites where there are links to facebook, I cannot see that site and not only the button of facebook.
One of our customers has an ASA5510 with CSC SSM-10 security module. The software version of the module is 6.6.1125.0. Is it possible to do HTTPS filtering with this module? The customer is complaining that this is not possible... From Cisco I've read the following:
• HTTPS Filtering
  – Able to allow or block HTTPS traffic.
  – Supports group-based and user-based HTTPS policies.
  – Includes URL blocking/URL exception list support for HTTPS domains.
I am running a Cisco ASA 5510 with Trend Micro Interscan. We have it set up to filter https except for a handful of sites. It is filtering the ones we don't want ie: facebook, and youtube. Though it is causing all other https to slow to a crawl. Therefore some sites it times out on us. What should we be looking for to change so it isn't slowing the allowed sites down?