cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2274
Views
2
Helpful
8
Replies

CSM 3.3.0, FWSM 4.0(6), HTTP Inspection

hedyeh razazan
Level 1
Level 1

Hi,

i have a firewall module (FWSM) ,(version  4.0(6)) which is managed with CSM (3.3.0). There is a problem about regular expression configuration with CSM. HTTP Inspection with regular expression is configured with ASDM successfully but this configuration is not deployed with CSM on FWSM. It seems CSM does not support regular expression for FWSM. The following picture shows that CSM support HTTP advanced inspection configuration only for ASA7,2 and PIX7.2. i need to know  does CSM 4.0 has this limitation or is there any solution for this CSM version?

HTTP inspection.bmp

2 Accepted Solutions

Accepted Solutions

Panos Kampanakis
Cisco Employee
Cisco Employee

You are right, please open a TAC case because we need to work with development to have this fixed in CSM.

Your alternative would be to use FlexConfig in CSM for the regex.

I hope it helps.

PK

View solution in original post

Here is the guide for Flex configs http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.3/user/guide/tmplchap.html

There is no predefined flex config for the http inspection. But you can create a new Flex config that has the commands

regex ...

class-map type inspect http

  match header host regex ...

The Flex config in CSM will be deploying the commands as if you were doing it with CLI.

I hope it makes sense.

PK

View solution in original post

8 Replies 8

Panos Kampanakis
Cisco Employee
Cisco Employee

You are right, please open a TAC case because we need to work with development to have this fixed in CSM.

Your alternative would be to use FlexConfig in CSM for the regex.

I hope it helps.

PK

thanks for your attention,

how can i configure regular expression inspection with Flexconfig? i couldn't find proper object.

Here is the guide for Flex configs http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.3/user/guide/tmplchap.html

There is no predefined flex config for the http inspection. But you can create a new Flex config that has the commands

regex ...

class-map type inspect http

  match header host regex ...

The Flex config in CSM will be deploying the commands as if you were doing it with CLI.

I hope it makes sense.

PK

thank you so much.

finally it worked successfully.

P.S:Merry Christmas!

I am glad you could make it work.

Please mark this as answered for the benefit of others that read this post later in the future.

Take care,

PK

how can i do tis?

You should have an option to rate every post and an option to mark a thread you started as answered.

PK

ROBERTO GIANA
Level 4
Level 4

Hmmm... CSM 4.2 on the loose and still not fixed... Do CSM and FWSM developers talk to each other and synch their features?

Review Cisco Networking for a $25 gift card