07-15-2010 02:34 PM - edited 03-11-2019 11:12 AM
I have an SR520 that is using Trend Micro Content Filtering and I got an unusual request from a client. Is it possible to have Trend Micro only filter websites during business hours? I have looked through a lot of documentation regarding the SR520 and Trend Micro but I haven't seen anything about this.
Any help is much appreciated.
07-15-2010 03:04 PM
Hmmm, you can use time-based ACLs to match traffic that will be filtered. The rest of the time the ACL will not be matched and thus the traffic will not be hitting the Trend policy.
For example look at https://supportforums.cisco.com/docs/DOC-8028#_Filtered_Hosts_ClassMap_
class-map type inspect match-all filtered-hosts
 match protocol http
 match access-group 123
access-list 123 is the one that matches the hosts to be filtered according to the Trend policy. If that ACL matches based on time (time-based ACL) then you can filter these hosts only during the time the ACL says.
I haven't tested it but it should work.
Please let us know if it solved the issue for future reference.
I hope it helps.
PK
07-19-2010 05:55 PM
I have tried the configuration you suggested with success. I tried to post it on the forum but I don't see it anymore. Was this removed?
07-20-2010 06:59 AM
I am not sure if it was removed.
Please mark the question as answered if you want so that others can benefit in the future.
Also you might want to avoid posting your address and phone number in forums, for your privacy.
PK
07-20-2010 12:03 PM
My apologies. I was looking for something else. Your recommendation did work. Essentially just implemented a time-based access list like you suggested. Here is a sample config that I used to make it work. Thanks again!
class-map type inspect match-all HTTP
 match protocol http
 match access-group 160
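The pieces the thread describes but does not show (the time range and the ACL that references it), as an added example that is not either poster's configuration. The time-range name, the hours, the LAN subnet and the NTP server address are constructed assumptions; the class-map name and ACL number are taken from the post above.

```cisco
! Added example. Constructed values: time-range name, hours, LAN subnet, NTP server.
! The time range is evaluated against the router clock, so keep the clock accurate.
ntp server 192.0.2.10
!
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 17:00
!
! The ACE matches LAN hosts only while BUSINESS-HOURS is active
access-list 160 permit ip 192.168.75.0 0.0.0.255 any time-range BUSINESS-HOURS
!
class-map type inspect match-all HTTP
 match protocol http
 match access-group 160
!
! Verification (exec mode):
!   show clock
!   show time-range        (the entry is reported as active or inactive)
!   show access-lists 160  (the ACE is flagged inactive outside the range)
```

Outside the time range, HTTP traffic no longer matches this class and is handled by whichever later class in the policy-map matches it, or by class-default. Check that the off-hours path still inspects or passes the traffic rather than dropping it.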