Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1974
Views
0
Helpful
4
Replies

URL Filter exemptions

Go to solution
rebelscum
Level 1
Level 1

‎01-03-2014 05:33 AM - edited ‎03-11-2019 08:24 PM

Hello, just had a query regarding the web filter settings for a Cisco ASA 5510...

We recently purchased Websense Web Security for our office, & configured our Cisco Firewall according to this guide "PIX/ASA URL Filtering Configuration Example"  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

All working fine except for one website, www.flickr.com, which fails to load properly - it only loads the first few thumbnail images then appears get stuck on "waiting for l.yimg.com". I have tried adding flickr.com, staticflickr.com & yimg.com as exceptions in Websense although I'm pretty sure its not a Websense problem - I even deleted my laptop from Websense & the problem still occurs. However the flickr page loads fine from the same laptop if I access another wifi network out of the office.

I have to assume its something to do with the URL filter settings on the firewall, I don't want to delete the settings as Websense is otherwise working fine, but does anyone know if you can exempt certain URLs from being passed through the URL filter?

Thanks,

.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to rebelscum

‎01-06-2014 05:22 PM

Hello Rebel Scum (Nice nickname by the way )

so with the ASA you have the option to filter based on the source IP address and destination IP address.

It would be great if you get the IPv4 address used for that specific website so you can do the follow:

filter url except 10.1.1.1 255.255.255.255 4.2.2.2 255.255.255.255 allow

Where the 10.1.1.1 is your Client and 4.2.2.2 the webserver you cannot load

Pretty cool right

Note: Congrats by using the best Content Filter in the market

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
donnylee
Cisco Employee
Cisco Employee

‎01-04-2014 10:38 PM

Hi,

I am moving this disuccion to Cisco Firewalling community for more appropriate audiences.

The Web Security community is focussing on Cisco Web Security Appliance.

Regards,

Donny

0 Helpful

Go to solution
rebelscum
Level 1
Level 1
In response to donnylee

‎01-06-2014 08:29 AM

ok thanks Donny, fingers crossed

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to rebelscum

‎01-06-2014 05:22 PM

Hello Rebel Scum (Nice nickname by the way )

so with the ASA you have the option to filter based on the source IP address and destination IP address.

It would be great if you get the IPv4 address used for that specific website so you can do the follow:

filter url except 10.1.1.1 255.255.255.255 4.2.2.2 255.255.255.255 allow

Where the 10.1.1.1 is your Client and 4.2.2.2 the webserver you cannot load

Pretty cool right

Note: Congrats by using the best Content Filter in the market

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
rebelscum
Level 1
Level 1
In response to rebelscum

‎01-07-2014 06:11 AM

thanks Julio, thats a great help & yes I'm really pleased with Websense, no need to worry about proxy servers & you can catch all the smartphone data too

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card