Filtering Https Urls; Filtering Ftp Requests; Viewing Filtering Statistics - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Filtering HTTPS URLs
Websense only
To filter HTTPS web access for specified users, enter the following command:
FWSM/contexta(config)# filter https source_ip source_mask dest_ip dest_mask [allow]
HTTPS content is encrypted, so the FWSM sends the URL lookup to the filtering server without
directory and filename information.
For the source addresses, specify the local, untranslated addresses. When you configure the filtering
server, use these local addresses and not the translated addresses.
When the filtering server is unavailable, the allow keyword allows connections to pass without filtering.
Without this option, the FWSM stops HTTPS traffic until the filtering server is back online.

Filtering FTP Requests

Websense only
To enable FTP filtering, enter the following command:
FWSM/contexta(config)# filter ftp port source_ip source_mask dest_ip dest_mask [allow] [interact-block]
Websense only filters FTP GET commands and not PUT commands.
For the source addresses, specify the local, untranslated addresses. When you configure the filtering
server, use these local addresses and not the translated addresses.
When the filtering server is unavailable, the allow keyword allows connections to pass without
filtering. Without this option, the FWSM stops FTP traffic until the filtering server is back online.
The interact-block keyword prevents interactive FTP sessions that do not provide the entire directory
path. An interactive FTP client is a non-browser client such as the ftp command from a DOS prompt or
a UNIX shell prompt, or a standalone FTP client. For example, when you use a web browser for FTP
and you browse to a file, the URL for the file includes the entire path. When you use the ftp command
at the command line, you can change directories without typing the entire path (cd ./files instead of cd
/public/files), in which case the firewall cannot determine your exact location.
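
The following audit script is an added example, not part of the Cisco guide. It reads filter https and filter ftp lines in the syntax shown above and reports, for each rule, whether traffic passes or is blocked while the filtering server is down, and whether an FTP rule lacks interact-block. The sample configuration, its addresses, and the function and field names are constructed for illustration.

```python
import re

# Constructed sample configuration (private addresses chosen for illustration).
SAMPLE_CONFIG = """\
filter https 10.1.1.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
filter https 10.1.2.0 255.255.255.0 0.0.0.0 0.0.0.0
filter ftp 21 10.1.1.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
FWSM/contexta(config)# filter ftp 21 10.1.2.0 255.255.255.0 0.0.0.0 0.0.0.0 interact-block
"""

KEYWORDS = {"allow", "interact-block"}


def audit_filter_rules(config_text):
    """Return one result dict per 'filter https' / 'filter ftp' line."""
    results = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Drop a pasted CLI prompt such as 'FWSM/contexta(config)# '.
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "filter" or tokens[1] not in ("https", "ftp"):
            continue
        proto = tokens[1]
        # Positional arguments (port, addresses, masks) are ignored here;
        # only the trailing optional keywords decide the failure behaviour.
        options = {t for t in tokens[2:] if t in KEYWORDS}
        warnings = []
        if "allow" in options:
            warnings.append("fail-open: connections pass unfiltered while "
                            "the filtering server is unavailable")
        if proto == "ftp" and "interact-block" not in options:
            warnings.append("interactive FTP sessions that omit the full "
                            "directory path are not blocked")
        if proto == "https" and "interact-block" in options:
            warnings.append("interact-block is documented for filter ftp only")
        results.append({
            "line": lineno,
            "protocol": proto,
            "server_down": "pass" if "allow" in options else "block",
            "warnings": warnings,
        })
    return results


if __name__ == "__main__":
    for r in audit_filter_rules(SAMPLE_CONFIG):
        print(r["line"], r["protocol"], "server down ->", r["server_down"])
        for w in r["warnings"]:
            print("   warning:", w)
```

A rule reported as "block" is not a defect: it is the fail-closed behaviour described above, where the FWSM stops that traffic until the filtering server is back online.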

Viewing Filtering Statistics

This section describes how to monitor filtering statistics, and includes the following topics:
Viewing Filtering Server Statistics
Viewing Caching Statistics
Viewing Filtering Performance Statistics

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
Chapter 14: Filtering HTTP, HTTPS, or FTP Requests Using an External Server
