Solved: HTTPS inspection on ASA with SmartFilter

alig.norbert · ‎05-13-2010

Hi all,

I got an ASA5505 with URL-filtering through SmartFilter.

HTTP ist working fine. HTTPS unfortunately can only be blocked on the SmartFilter with the IP address (e.g. https://70.42.13.100)

and not with the domain-name (e.g. https://www.cisco.com/).

On the ASA, the SyslogID 304001 shows only <inside client ip> Accessed URL 70.42.13.10:https://70.42.13.10/ and this is, what the

SmartFilter are checking.

How can I tell the ASA to log/send the URL name to the SmartFilter?

Thanks,

Norbert

Panos Kampanakis · ‎05-14-2010

The smartfilter blocks https doing a reverse lookup for all illegit urls.

In other words when it sees the ip address you are https-ing to it checks what domain the ip address belongs and then decides if it needs to block.

The ASA does not know the url because the http has the URL encrypted and so it can't log it.

I hope it makes sense.

PK

Panos Kampanakis · ‎05-14-2010

The smartfilter blocks https doing a reverse lookup for all illegit urls.

In other words when it sees the ip address you are https-ing to it checks what domain the ip address belongs and then decides if it needs to block.

The ASA does not know the url because the http has the URL encrypted and so it can't log it.

I hope it makes sense.

PK