Re: Web filter

1salvarez · ‎02-28-2011

We upgraded to ASA IOS 8.2.4 from 8.0.2. When the commands "filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow" and "filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow" are added the we lose internet access. We're using WebSense and command "url-server (inside) vendor websense host 192.168.1.180 timeout 30 protocol TCP version 4 connections 5"

Thank you.

PAUL GILBERT ARIAS · ‎02-28-2011

Is websense properly configured? What the asa sees? Do a show url-server statistics. If it is up then the allow will not permit traffic.

Sent from Cisco Technical Support iPhone App

1salvarez · ‎02-28-2011

"sh url-ser sta"

Server Statistics:
--------------------
192.168.1.180 UP
Vendor websense

I've tried shutting down the server and we're still not allowed online. Only after we remove the filter command are we allowed online.

PAUL GILBERT ARIAS · ‎02-28-2011

once you shut down the server how long you waited? ASA has to be aware that the server is down.

1salvarez · ‎02-28-2011

"sh url-ser sta"

Server Statistics:
--------------------
192.168.1.180 DOWN
Vendor websense

Waited for up to 10 after it showed it down. Thinking it may be a bug in the IOS.

PAUL GILBERT ARIAS · ‎02-28-2011

you are testing with HTTPS traffic right?

1salvarez · ‎02-28-2011

Both. This wasn't a problem for us on 8.0. Thinking I'm going to upgrade to 8.4 in hopes of it working.

PAUL GILBERT ARIAS · ‎02-28-2011

Be aware that 8.4 has differences in NAT. Check the release notes before.

1salvarez · ‎05-03-2011

Turns out we had a bad ASA. Cisco replaced it.