https://community.cisco.com/t5/network-security/asa-content-security/m-p/630637#M422755 <P>Hay there,</P><P></P><P>I setup a ASA FW with Trend Micro Content Security. When I add an URL to the block list I can still open it from the PCs which use the ASA as the gateway?! What did I forget?</P><P></P><P>Lars</P> Fri, 21 Feb 2020 09:17:45 GMT larsdominic 2020-02-21T09:17:45Z https://community.cisco.com/t5/network-security/asa-content-security/m-p/630637#M422755 <P>Hay there,</P><P></P><P>I setup a ASA FW with Trend Micro Content Security. When I add an URL to the block list I can still open it from the PCs which use the ASA as the gateway?! What did I forget?</P><P></P><P>Lars</P> Fri, 21 Feb 2020 09:17:45 GMT https://community.cisco.com/t5/network-security/asa-content-security/m-p/630637#M422755 larsdominic 2020-02-21T09:17:45Z https://community.cisco.com/t5/network-security/asa-content-security/m-p/630638#M422756 <HTML><HEAD></HEAD><BODY><P>The access list configured for URL coookies is not working.</P><P>The URL filtering features presented in this chapter allow the Content Engine to control client access to websites in any of the following ways:</P><P> Deny access to URLs specified in a list.</P><P> Permit access only to URLs specified in a list.</P><P> Direct traffic to a N2H2 server for filtering.</P><P> Direct traffic to a Websense enterprise server for filtering</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a008008123b.html#98891" target="_blank">http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a008008123b.html#98891</A></P></BODY></HTML> Tue, 14 Nov 2006 22:08:58 GMT https://community.cisco.com/t5/network-security/asa-content-security/m-p/630638#M422756 s.jankowski 2006-11-14T22:08:58Z https://community.cisco.com/t5/network-security/asa-content-security/m-p/630639#M422757 <HTML><HEAD></HEAD><BODY><P>CSC-SSM modules use service policies to redirect traffic to the module for processing. </P><P></P><P>Here is an example of what I do...</P><P></P><P>The inside_mpc is matching only inside traffic destined for web, ftp, pop3 and smtp. </P><P></P><P>The outside_mpc is matching traffic going to the internal servers (using the outside public addresses) matching pop3 and smtp.</P><P></P><P>Then, I build inside and outside classes matching traffic off of the ACL and sending it to the CSC module with the csc fail-open or csc fail-close command.</P><P></P><P>I hope this helps.</P><P></P><P>--Gavin Budd</P><P></P><P>access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq pop3 </P><P>access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq www </P><P>access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq ftp </P><P>access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq https </P><P>access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq smtp </P><P>access-list outside_mpc extended permit tcp any x.x.25.0 255.255.255.0 eq pop3 </P><P>access-list outside_mpc extended permit tcp any x.x.25.0 255.255.255.0 eq smtp </P><P></P><P>!</P><P>!</P><P></P><P>class-map inside-class</P><P> match access-list inside_mpc</P><P>class-map outside-class</P><P> match access-list outside_mpc</P><P>!</P><P>!</P><P>policy-map outside-policy</P><P> class outside-class</P><P> csc fail-open</P><P></P><P>policy-map inside-policy</P><P> class inside-class</P><P> csc fail-open</P><P>!</P><P>service-policy outside-policy interface outside</P><P>service-policy inside-policy interface inside</P><P></P></BODY></HTML> Tue, 14 Nov 2006 23:24:45 GMT https://community.cisco.com/t5/network-security/asa-content-security/m-p/630639#M422757 gbudd12345 2006-11-14T23:24:45Z