Web filtering for IP ranges

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Guest

Re:Web filtering for IP ranges

Post by Guest » Fri Jan 04, 2008 2:46 pm

beautiful thank you so much, im going to throw this into my configuration into a couple of hours, I just needed to see the format. thank you so much. im going to mark this thread as answered later tonight after my testing is complete. its ok that you didnt answer sooner, i had many other things i had to take care of so its not a big deal. thanks again elliott

Guest

Re:Web filtering for IP ranges

Post by Guest » Fri Jan 04, 2008 3:05 pm

Hi Elliot If anything happens just let me know, will be more than glad to help you out. Mike Rojas.

Guest

Re:Web filtering for IP ranges

Post by Guest » Fri Jan 04, 2008 4:28 pm

Ive gotten the configuration you gave me into the router except for one portion of it. policy-map type inspect in-out class  http-filter   inspect    urlfilter I was able to load   policy-map type inspect in-out       class  http-filter      inspectbut when i try to add the command urlfilter the console gives me    % Incomplete command. Im guessing this is where the actual filtering is done because the firewall is not filtering at this point.   I also wanted to check that like other cisco services there is an implicit deny for things unspecified. So if i configure the firewall as such :      parameter-map type urlfilter http-filter           allow-mode on       exclusive-domain allow google.com       exclusive-domain allow yahoo.com       exclusive-domain allow hotmail.com       exclusive-domain allow gmail.com then all the other sites should be blocked right? or do I have to use a wildcard and actually block along the lines of     exclusive-domain deny *after my allowances?  thanks again in advance  elliott

Guest

Re:Web filtering for IP ranges

Post by Guest » Fri Jan 04, 2008 4:46 pm

Hi Elliot, Yes, sorry forgot one command there policy-map type inspect in-out class  http-filter   inspect    urlfilter http-filter If you want to allow those sites:        exclusive-domain allow yahoo.com       exclusive-domain allow hotmail.com       exclusive-domain allow gmail.com On the parameter-map, instead of allow-mode on, put allow-mode off, that would block the rest of the sites that you are not specifying in the exclusive domain.   Let me know. Mike

Guest

Re:Web filtering for IP ranges

Post by Guest » Fri Jan 04, 2008 6:07 pm

Ok I changed allow mode to off but when I get into Router 9config-pmap-c) # i tried          urlf http-filter%Protocol "http" not found in class-map So should I change the name of the class-map filter? I guess Ill try that and see how it goes thanks again for your time.   elliott  edit* this did not work either, I guess I am missing something somewhere else to get the %Protocol "http" not found in class-map

Post Reply