12-14-2009 06:52 AM - edited 03-11-2019 09:48 AM
OK... hopefully someone out there can assist me.
I have a dual failover two ASA 5520 scenario that we are using for firewall purposes. I have the URL filtering set up on these ASAs, which are currently filtering HTTP traffic without any problems. However, when it comes to HTTPS... that's a whole other story. For some reason I can't get the ASA to send HTTPS traffic to the SmartFilter server.
ASA version = 8.2(1)
Smartfilter version = 4.1.1
Initially, before starting this endeavor, we were on a Cisco PIX failover scenario using version 7.1. I had contacted TAC and they explained that we had to upgrade in order to resolve this problem. Therefore, I removed the PIXs completely and put in the ASAs with 8.2(1) on them, thinking this would fix the problem. Nope!
I also contacted McAfee, new owner of Secure Computing which owns SmartFilter, and they advised that version 4.1.1 supports HTTPS filtering and it has to be something with the firewall.
Upon further investigation I did a 'show url-server stat' and noticed that I'm not sending any HTTPS requests to the filter.
*******************************************************************************
Global Statistics:
--------------------
URLs total/allowed/denied 968201/904693/63508
URLs allowed by cache/server 0/904693
URLs denied by cache/server 0/63508
HTTPSs total/allowed/denied 0/0/0
HTTPSs allowed by cache/server 0/0
HTTPSs denied by cache/server 0/0
FTPs total/allowed/denied 0/0/0
FTPs allowed by cache/server 0/0
FTPs denied by cache/server 0/0
Requests dropped 0
Server timeouts/retries 0/37
Processed rate average 60s/300s 36/31 requests/second
Denied rate average 60s/300s 2/2 requests/second
**********************************************************************************
Here are the commands I have in my config that relate to the URL filtering setup.
url-server (inside) vendor smartfilter host xx.xxx.xxx.xxx port 4005 timeout 30 protocol UDP
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
It just doesn't seem as if my HTTPS traffic is making it to my SmartFilter. If anyone has any ideas, your help will be very VERY much appreciated.
Thanks in advance.
12-14-2009 10:43 AM
Pls. follow this link:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/ef.html#wp1970383
Try this command below instead of what you have.
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
-KS
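The two clues in this thread fit together: the 'show url-server stat' counters show HTTPS at 0 while HTTP is busy, and the config uses 'filter url 443' where the reply recommends 'filter https 443'. The following is an added example (not from the original post or from Cisco) that parses a constructed copy of both and flags the mismatch; the url-server address 192.0.2.10 is a documentation placeholder for the masked host.

```python
import re

# Constructed 'show url-server stat' excerpt using the counters from the original
# post: HTTP is busy, HTTPS has never been sent to the SmartFilter server.
SAMPLE_STATS = """\
URLs total/allowed/denied 968201/904693/63508
HTTPSs total/allowed/denied 0/0/0
FTPs total/allowed/denied 0/0/0
Requests dropped 0
Server timeouts/retries 0/37
"""

# Constructed config with the poster's 'filter url 443' line; 192.0.2.10 is a
# documentation address standing in for the masked url-server host.
SAMPLE_CONFIG = """\
url-server (inside) vendor smartfilter host 192.0.2.10 port 4005 timeout 30 protocol UDP
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
"""

TOTALS_RE = re.compile(r"^(URLs|HTTPSs|FTPs) total/allowed/denied (\d+)/(\d+)/(\d+)", re.M)
RETRIES_RE = re.compile(r"^Server timeouts/retries (\d+)/(\d+)", re.M)
FILTER_RE = re.compile(r"^filter (url|https|ftp) (\S+) ", re.M)
# Stat-line prefix -> the 'filter' keyword whose traffic feeds that counter.
PROTO_FOR_PREFIX = {"URLs": "url", "HTTPSs": "https", "FTPs": "ftp"}

def parse_totals(stats):
    """Return {prefix: (total, allowed, denied)} from 'show url-server stat' text."""
    return {m.group(1): tuple(int(x) for x in m.group(2, 3, 4))
            for m in TOTALS_RE.finditer(stats)}

def parse_filter_rules(config):
    """Return [(keyword, port_or_service), ...] for every 'filter' line."""
    return FILTER_RE.findall(config)

def audit(stats, config):
    """Explain why a configured filter type never reaches the url-server."""
    findings, rules, totals = [], parse_filter_rules(config), parse_totals(stats)
    for keyword, port in rules:
        # 'filter url' only inspects HTTP; TLS on 443 never yields an HTTP URL hit.
        if keyword == "url" and port in ("443", "https"):
            findings.append(f"'filter url {port}' does not filter HTTPS; use 'filter https {port}'")
    for prefix, keyword in PROTO_FOR_PREFIX.items():
        if any(k == keyword for k, _ in rules) and totals.get(prefix, (0,))[0] == 0:
            findings.append(f"'filter {keyword}' is configured but {prefix} total is 0")
    m = RETRIES_RE.search(stats)
    if m and int(m.group(2)) > 0:
        findings.append(f"url-server retries={m.group(2)}: server not always answering")
    return findings
```

Running audit() on the poster's config reports the 'filter url 443' line; once that is changed to 'filter https 443', a persistent HTTPSs total of 0 points at the server or path instead of the ASA rule.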