cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1119
Views
0
Helpful
4
Replies

URL Filter exemptions

rebelscum
Beginner
Beginner

Hello, just had a query regarding the web filter settings for a Cisco ASA 5510...

We recently purchased Websense Web Security for our office, & configured our Cisco Firewall according to this guide "PIX/ASA URL Filtering Configuration Example"  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

All working fine except for one website, www.flickr.com, which fails to load properly - it only loads the first few thumbnail images then appears get stuck on "waiting for l.yimg.com". I have tried adding flickr.com, staticflickr.com & yimg.com as exceptions in Websense although I'm pretty sure its not a Websense problem - I even deleted my laptop from Websense & the problem still occurs. However the flickr page loads fine from the same laptop if I access another wifi network out of the office.

I have to assume its something to do with the URL filter settings on the firewall, I don't want to delete the settings as Websense is otherwise working fine, but does anyone know if you can exempt certain URLs from being passed through the URL filter?

Thanks,

.

1 Accepted Solution

Accepted Solutions

Hello Rebel Scum (Nice nickname by the way )

so with the ASA you have the option to filter based on the source IP address and destination IP address.

It would be great if you get the IPv4 address used for that specific website so you can do the follow:

filter url except 10.1.1.1 255.255.255.255 4.2.2.2 255.255.255.255 allow

Where the 10.1.1.1 is your Client and 4.2.2.2 the webserver you cannot load

Pretty cool right

Note: Congrats by using the best Content Filter in the market

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

4 Replies 4

donnylee
Cisco Employee
Cisco Employee

Hi,

I am moving this disuccion to Cisco Firewalling community for more appropriate audiences.

The Web Security community is focussing on Cisco Web Security Appliance.

Regards,

Donny

ok thanks Donny, fingers crossed

Hello Rebel Scum (Nice nickname by the way )

so with the ASA you have the option to filter based on the source IP address and destination IP address.

It would be great if you get the IPv4 address used for that specific website so you can do the follow:

filter url except 10.1.1.1 255.255.255.255 4.2.2.2 255.255.255.255 allow

Where the 10.1.1.1 is your Client and 4.2.2.2 the webserver you cannot load

Pretty cool right

Note: Congrats by using the best Content Filter in the market

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

thanks Julio, thats a great help & yes I'm really pleased with Websense, no need to worry about proxy servers & you can catch all the smartphone data too

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers