Configuring General Filtering Parameters; Identifying the Filtering Server; Chapter 14: Filtering HTTP, HTTPS, or FTP Requests Using an External Server - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide (OL-6392-01)
Chapter 14: Filtering HTTP, HTTPS, or FTP Requests Using an External Server

If the filtering server denies the connection, then the following action occurs for each request type:

- For HTTP, the FWSM redirects the user to a block page, indicating that access was denied.
- For HTTPS, the FWSM prevents the completion of SSL connection negotiation. The browser displays an error message such as "The Page or the content cannot be displayed."
- For FTP, the FWSM alters the FTP return code to show that the connection was denied. For example, the FWSM changes code 250 to "code 550: Directory not found."

For N2H2, if you enabled user authentication on the FWSM for HTTP, HTTPS, or FTP, then the FWSM also sends the username to the filtering server. The filtering server can then use user-specific filtering settings or provide enhanced reporting per user. See the "Configuring Authentication for Network Access" section on page 12-20 to configure user authentication. Websense supports filtering by IP address only.

Filtering applies only for outbound connections (from a higher security interface to a lower security interface) or between same security interfaces.

Configuring General Filtering Parameters

This section describes how to configure the FWSM to communicate with the filtering server and how to handle requests when the filtering server is down, how to handle long URLs, and whether to cache server addresses. This section includes the following topics:

- Identifying the Filtering Server
- Buffering Replies
- Setting the Maximum Length of Long HTTP URLs
- Caching URL Servers

Identifying the Filtering Server

You can identify up to four filtering servers per context. The FWSM uses the servers in order until a server responds. You can only configure one type of server (Websense or N2H2) in your configuration.

Note: You must add the filtering server before you can configure filtering for HTTP or HTTPS with the filter command. If you remove the filtering servers from the configuration, then all filter commands are also removed.

To identify the filtering server(s), enter one of the following commands for each server you want to identify. Only one type of server is allowed in your configuration.

- To identify a Websense Enterprise server, enter the following command:

    FWSM/contexta(config)# url-server (if_name) vendor websense host ip_address
    [timeout seconds] [protocol tcp [version {1 | 4}] | udp]

  See the following options:

  - (if_name)—The interface through which the FWSM communicates with the server.
  - ip_address—The Websense server IP address.
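The constraints stated in this section (at most four filtering servers per context, a single server type, and no filter rules without a filtering server) can be checked against a saved context configuration. The following is an added example, not part of the Cisco guide: the function name `audit_context` and the sample configurations are constructed, and the `vendor n2h2` keyword and the `filter url` / `filter https` / `filter ftp` rule prefixes are assumptions about the FWSM CLI that this page does not show.

```python
import re

# Shape of the Websense command form shown on this page. The vendor keyword is
# captured so that a second server type in the same context can be flagged.
URL_SERVER = re.compile(
    r"^url-server\s+\((?P<if_name>[^)\s]+)\)\s+vendor\s+(?P<vendor>\S+)"
    r"\s+host\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)
# Assumption (not on this page): rules that depend on a filtering server
# begin with "filter url", "filter https" or "filter ftp".
FILTER_RULE = re.compile(r"^filter\s+(?:url|https|ftp)\b")
MAX_SERVERS = 4  # "up to four filtering servers per context"

# Constructed sample configurations, not taken from a real device.
GOOD = (
    "url-server (dmz) vendor websense host 192.0.2.10 timeout 30 protocol tcp version 4\n"
    "url-server (dmz) vendor websense host 192.0.2.11\n"
    "filter url http 0 0 0 0\n"
)
MIXED = GOOD + "url-server (dmz) vendor n2h2 host 192.0.2.20\n"  # n2h2 keyword assumed
ORPHAN = "filter https 443 0 0 0 0\n"


def audit_context(config_text):
    """Return a list of findings for one context's configuration text."""
    servers, filter_lines, findings = [], [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("url-server"):
            m = URL_SERVER.match(line)
            if m:
                servers.append((m.group("vendor").lower(), m.group("ip")))
            else:
                findings.append(f"line {lineno}: unparsable url-server command")
        elif FILTER_RULE.match(line):
            filter_lines.append(lineno)
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} filtering servers defined, limit is {MAX_SERVERS}")
    vendors = sorted({vendor for vendor, _ in servers})
    if len(vendors) > 1:
        findings.append("mixed server types: " + ", ".join(vendors))
    if filter_lines and not servers:
        findings.append(f"filter rule at line {filter_lines[0]} but no url-server is defined")
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MIXED", MIXED), ("ORPHAN", ORPHAN)):
        print(name, audit_context(text))
```

Run it per context, since the four-server limit and the single-server-type rule apply to each context's configuration separately.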
