Filtering Overview - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Filtering HTTP, HTTPS, or FTP Requests Using an
External Server
This section tells how to enable HTTP, HTTPS, or FTP filtering for inside users, and contains the
following topics:
•
•
•
•
•
•
Filtering Overview
Although you can use ACLs to prevent outbound access to specific websites or FTP servers, configuring
and managing web usage this way is not practical because of the size and dynamic nature of the Internet.
We recommend that you use the Firewall Services Module (FWSM) in conjunction with a separate server
running one of the following Internet filtering products:
•
•
Because URL filtering is handled on a separate platform, the performance of the FWSM is less affected.
However, filtering can considerably increase access times to websites or FTP servers when the filtering
server is remote from the FWSM.
When a user issues an HTTP, HTTPS, or FTP GET request, the FWSM sends the request to the web/FTP
server as well as to the filtering server at the same time. If the filtering server permits the connection for
the user, then the following action occurs for each request type:
•
•
•
OL-6392-01
Filtering Overview, page 14-1
Configuring General Filtering Parameters, page 14-2
Filtering HTTP URLs, page 14-5
Filtering HTTPS URLs, page 14-6
Filtering FTP Requests, page 14-6
Viewing Filtering Statistics, page 14-6
Websense Enterprise—http://www.websense.com. Supports HTTP, HTTPS, and FTP filtering.
Sentian by N2H2—http://www.n2h2.com. Supports HTTP filtering. Although some versions of
Sentian support HTTPS, the FWSM only supports HTTP with Sentian.
For HTTP, the FWSM allows the reply from the web server to reach the user who issued the original
request.
For HTTPS, the FWSM allows the completion of SSL connection negotiation, and allows the reply
from the web server to reach the user who issued the original request.
For FTP, the FWSM allows the successful FTP return code to reach the user unchanged. For
example, a successful return code is "250: CWD command successful."
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
C H A P T E R
14
14-1
Advertisement
Table of Contents
Troubleshooting
