Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
3
Replies

Default HTTP inspection map

mikedelafield
Level 1
Level 1

‎04-06-2014 06:31 PM - edited ‎03-11-2019 09:02 PM

Hi guys.

When configuring Inspect HTTP there is an option to use Default HTTP Inspection Map.

Its used here as an example on the documentation;

From the Select HTTP Inspect Map window, check the radio button next to Use the Default HTTP inspection map. The default HTTP inspection is used in this example. Then, click OK.

However I cannot actually see anywhere what these Default settings are.

For example; it is possible to set varying security levels when configuring manually (low-medium-high) with differing options in each, but what are the security level and specific settings when choosing default?

I cannot find any reference to these.

If anyone can help that would be great.

Thanks.

Mike

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-06-2014 08:01 PM

I'm not sure which reference you're citing, but in ASDM if you go to "Configuration > Firewall > Objects > Inspect Maps > HTTP" and click on "Add" you will see a dialog box with a slider which shows what each level consists of by default. You can further customize by choosing the Details, URI Filtering, etc.

(Very very few people actually use the built-in http inspection and instead use either a 3rd party solution like WebSense URL filtering or a Proxy server like WSA or BlueCoat or else use the ASA CSC module of NGFX CX module with AVC and WSE.)

See the following screenshot for what I wan talking about in my first paragraph:

0 Helpful

mikedelafield
Level 1
Level 1

‎04-07-2014 03:16 AM

Sorry I think I confused things slightly.

 

i realise an inspection map can be created. What I am referring to is that when you simply select "Use the default HTTP inspection map" - what configuration does it actually use here?

I cannot see any default map listed or what it's default settings are?

Thanks again.

0 Helpful

Rudy Sanjoko
Level 4
Level 4
In response to mikedelafield

‎04-07-2014 06:05 AM

To enable HTTP inspection you have to specify/choose an inspection map. This is needed because in order to inspect something, it needs to know what to inspect. From what I understand, using default HTTP inspection map means that you are verifying all HTTP packets that use port 80 to conform with RFC 2616. Keep in mind that it is only verifying and won't do anything to that traffic unless you specify a policy map.

HTH,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card