Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Beautiful, thank you so much. I'm going to throw this into my configuration in a couple of hours; I just needed to see the format. Thank you so much. I'm going to mark this thread as answered later tonight after my testing is complete. It's OK that you didn't answer sooner; I had many other things I had to take care of, so it's not a big deal. Thanks again,
elliott
I've gotten the configuration you gave me into the router except for one portion of it.

    policy-map type inspect in-out
     class http-filter
      inspect
      urlfilter

I was able to load

    policy-map type inspect in-out
     class http-filter
      inspect

but when I try to add the command urlfilter the console gives me

    % Incomplete command.

I'm guessing this is where the actual filtering is done, because the firewall is not filtering at this point. I also wanted to check that, like other Cisco services, there is an implicit deny for things unspecified. So if I configure the firewall as such:

    parameter-map type urlfilter http-filter
     allow-mode on
     exclusive-domain allow google.com
     exclusive-domain allow yahoo.com
     exclusive-domain allow hotmail.com
     exclusive-domain allow gmail.com

then all the other sites should be blocked, right? Or do I have to use a wildcard and actually block along the lines of exclusive-domain deny * after my allowances? Thanks again in advance,
elliott
Hi Elliot,

Yes, sorry, forgot one command there:

    policy-map type inspect in-out
     class http-filter
      inspect
      urlfilter http-filter

If you want to allow those sites:

    exclusive-domain allow yahoo.com
    exclusive-domain allow hotmail.com
    exclusive-domain allow gmail.com

On the parameter-map, instead of allow-mode on, put allow-mode off; that would block the rest of the sites that you are not specifying in the exclusive domain. Let me know.
Mike
OK, I changed allow-mode to off, but when I get into Router(config-pmap-c)# I tried

    urlf http-filter
    %Protocol "http" not found in class-map

So should I change the name of the class-map filter? I guess I'll try that and see how it goes. Thanks again for your time.
elliott

edit* This did not work either; I guess I am missing something somewhere else to get the %Protocol "http" not found in class-map
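
The pieces discussed in the thread, put together as an added example (not part of any post above and not confirmed by the participants). It assumes the %Protocol "http" not found in class-map message means what it says, namely that the class referenced in the policy-map must match protocol http before urlfilter is accepted. The zone names in-zone and out-zone are hypothetical; the map and policy names are the ones used in the thread.

```cisco
! Added example, not from the thread. in-zone/out-zone are hypothetical
! zone names; http-filter and in-out are the names used in the thread.
!
parameter-map type urlfilter http-filter
 ! allow-mode off, as advised in the thread
 allow-mode off
 ! IOS spells the action permit/deny (the thread writes "allow")
 exclusive-domain permit google.com
 exclusive-domain permit yahoo.com
 exclusive-domain permit hotmail.com
 exclusive-domain permit gmail.com
!
! Assumption: the class-map in the thread lacked this match statement,
! which is what the "%Protocol "http" not found" message points at.
class-map type inspect match-any http-filter
 match protocol http
!
policy-map type inspect in-out
 ! reference the inspect-type class-map explicitly
 class type inspect http-filter
  ! inspect and urlfilter are two separate commands under the class
  inspect
  urlfilter http-filter
 ! traffic that matches no class lands in class-default; drop is its
 ! default action in an inspect policy-map, shown here explicitly
 class class-default
  drop
!
zone-pair security in-out source in-zone destination out-zone
 service-policy type inspect in-out
```

After loading, `show policy-map type inspect zone-pair` shows whether the http-filter class is matching traffic on the zone-pair.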