topic Re: Content Security Module for ASA - SSM-CSC in Network Security

Content Security Module for ASA - SSM-CSC

blackswans — Fri, 21 Feb 2020 11:00:06 GMT

Hi,

Is it possible with that module to filter some of the users filtered (like restricting facebook.com) and others unfiltered? I mean if user based filtering is possible?

thx

Re: Content Security Module for ASA - SSM-CSC

Marwan ALshawi — Tue, 09 Sep 2008 10:57:31 GMT

it is possible based on source IP address not user name

if helpful Rate

Re: Content Security Module for ASA - SSM-CSC

edunn — Tue, 09 Sep 2008 12:55:59 GMT

You will need some type of URL filtering software like WebSense to filter based on user.....

Re: Content Security Module for ASA - SSM-CSC

suschoud — Tue, 09 Sep 2008 16:47:24 GMT

In asa,you define what traffic should be sent to csc for scanning purpose.

In the acl where you define the traffic,add an entry denying the source ip addresses for which you do not want filtering to be done.

class-map CSC-C

match access-list CSC-TRAFFIC

policy-map global_policy

class CSC-C

csc fail-open

access-list CSC-TRAFFIC line 1 extended deny tcp host x.x.x.x any eq 80

access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80

access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp

In the above example,web traffic from x.x.x.x will not be sent to csc...

HTH

Sushil

Re: Content Security Module for ASA - SSM-CSC

Marwan ALshawi — Wed, 10 Sep 2008 03:17:05 GMT

i think u were asking about how to filter some websites based on users so i told u

that u can do it through source IP not username

however u seem u were looking how to send spisific traffic to CSC

then this link will give all these details in that regard

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808dea62.shtml

good luck

if helpful Rate