Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
2
Replies

URL filtering

Go to solution
Rolando Valenzuela
Level 4
Level 4

‎09-08-2015 03:27 PM - edited ‎03-11-2019 11:34 PM

Hello community!

I was reading the following article: ASA URL filtering without a Websense and I have additional questions regarding that process.

Is my understanding that the website denied is denied globally thanks to the command service-policy global_policy global, which means that if I have 10 networks on my firewall, the traffic to that website is going to be denied for all of them, right? 

I know that the example shows how to apply the rule to an specific host and we can have some flexibility due the ACL we have to set, but still this is a global setting right?

Is there a way I can setup this rule to only one interface? What about scalability can I set multiple rules for different type of traffic? 

Thanks!

 

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-08-2015 07:14 PM

I've seen this feature used maybe once in production and I've worked on hundreds of ASAs. It's not very robust and most people only ever did it as an experiment to see if they could.

Anybody serious about URL filtering will use either a proxy or something like the FirePOWER service module.

That said, you can apply the service policy either globally or on a specific interface. As shown in the article example:

service-policy http-traffic interface inside

...would do it for the interface with nameif "inside".

See also the CLI configuration guide reference.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-08-2015 07:14 PM

I've seen this feature used maybe once in production and I've worked on hundreds of ASAs. It's not very robust and most people only ever did it as an experiment to see if they could.

Anybody serious about URL filtering will use either a proxy or something like the FirePOWER service module.

That said, you can apply the service policy either globally or on a specific interface. As shown in the article example:

service-policy http-traffic interface inside

...would do it for the interface with nameif "inside".

See also the CLI configuration guide reference.

0 Helpful

Go to solution
Rolando Valenzuela
Level 4
Level 4
In response to Marvin Rhoads

‎09-09-2015 07:44 AM

Hi Marvin! :D

That is exactly what I was looking for: "I've seen this feature used maybe once in production [...] It's not very robust..."

I'm playing with a ASA v9.x and reading about the FQDN feature implemented I came across with the article I previously quoted "ASA URL filtering without a Websense" and I wanted to know how much you can do with it.

Thank you very much for all the help :D

Regards!

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card