cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
778
Views
0
Helpful
3
Replies

Default HTTP inspection map

mikedelafield
Level 1
Level 1

Hi guys.

When configuring Inspect HTTP there is an option to use Default HTTP Inspection Map.

Its used here as an example on the documentation;

From the Select HTTP Inspect Map window, check the radio button next to Use the Default HTTP inspection map. The default HTTP inspection is used in this example. Then, click OK.

However I cannot actually see anywhere what these Default settings are.

For example; it is possible to set varying security levels when configuring manually (low-medium-high) with differing options in each, but what are the security level and specific settings when choosing default?

I cannot find any reference to these.

If anyone can help that would be great.

Thanks.

Mike

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

I'm not sure which reference you're citing, but in ASDM if you go to "Configuration > Firewall > Objects > Inspect Maps > HTTP" and click on "Add" you will see a dialog box with a slider which shows what each level consists of by default. You can further customize by choosing the Details, URI Filtering, etc.

(Very very few people actually use the built-in http inspection and instead use either a 3rd party solution like WebSense URL filtering or a Proxy server like WSA or BlueCoat or else use the ASA CSC module of NGFX CX module with AVC and WSE.)

See the following screenshot for what I wan talking about in my first paragraph:

mikedelafield
Level 1
Level 1

Sorry I think I confused things slightly.

 

i realise an inspection map can be created. What I am referring to is that when you simply select "Use the default HTTP inspection map" - what configuration does it actually use here?

I cannot see any default map listed or what it's default settings are?

Thanks again.

To enable HTTP inspection you have to specify/choose an inspection map. This is needed because in order to inspect something, it needs to know what to inspect. From what I understand, using default HTTP inspection map means that you are verifying all HTTP packets that use port 80 to conform with RFC 2616. Keep in mind that it is only verifying and won't do anything to that traffic unless you specify a policy map.

HTH,

Review Cisco Networking for a $25 gift card