Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
3
Replies

PIX inspect http problem

george.goebel
Level 1
Level 1

‎10-19-2007 05:33 AM - edited ‎03-11-2019 04:27 AM

WE have our PIX version 7.2(2) using http inspection and set to drop protocol violations. The problem is, that it drops the Microsoft Updates. Anybody have an idea how to allow the MS Updates to work while still using the inspect http policy.

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎10-19-2007 09:00 AM

George, I believe you would have to work with creating policy and class-map to classify certain traffic, by default global policy does not inspect http but since you have altered this you would need to create a policy whereby you can apply acl to allow certain http traffic to not be ispected.

I have not done this as we have websence for filtering http but have read about it, if someone can point a good link that will be great or if there is any other way to do it.. if I find a good example link I will posted.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10

‎10-19-2007 08:38 PM

George, this is the link you would want to reference , applying application layer protocol inspection, this covers module policy framework and class-maps for your particular request.

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/configuration/guide/inspect.html

Jorge Rodriguez
0 Helpful

george.goebel
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎10-22-2007 08:36 AM

Thanks. It took a little head scratching but it works now.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card