Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
632
Views
0
Helpful
1
Replies

websense web filtering not working with 2911 with zone based firewall

Stan Spice
Level 1
Level 1

‎01-22-2015 11:13 AM - edited ‎03-11-2019 10:22 PM

Hi,

 

Any one ran into this issue

We use websense for guest wifi but i dont see requests hitting websense server

config is below

 

 

class-map type inspect match-any test-1
 match protocol http

policy-map type inspect Wifi-test
 class type inspect  test-1
  inspect

urlfilter websense-parmap
 class class-default
  drop

parameter-map type urlfilter websense-parmap
 server vendor websense 10.10.1.4
 source-interface GigabitEthernet0/2
 allow-mode on
 cache 100

zone-pair security Wifi-in-out source Wifi destination outside
service-policy type inspect Wifi-test

interface GigabitEthernet0/1
 description Internet
 ip address 192.168.10.1 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly in
 zone-member security Wifi
interface GigabitEthernet0/2
 description LAN
 ip address 10.10.4.1 255.255.255.0
zone-member security inside

Labels:
0 Helpful
1 Reply 1

Menezesa
Level 1
Level 1

‎01-30-2015 11:17 AM

Hi Stan,

You should be able to adapt this config example to your environment.

Andy-

!
class-map type inspect match-any http-cm
 match protocol http

!
parameter-map type urlfpolicy websense websense-parm
 server <websense server IP>
 source-interface <lan interface>
 allow-mode on
 truncate hostname

!
class-map type urlfilter websense match-any websense-cm
 match server-response any

!
policy-map type inspect urlfilter websense-pm
 parameter type urlfpolicy websense websense-parm
 class type urlfilter websense websense-cm
  server-specified-action

!
policy-map type inspect Inside->Internet-pm
 description Inside trusted to Internet
 class type inspect http-cm
  inspect
  service-policy urlfilter websense-pm
 class type inspect Inside->Internet-cm
  inspect
 class class-default
  drop

!
zone-pair security Inside->Internet source Inside destination Internet
 service-policy type inspect Inside->Internet-pm


!-------------------------------------------------------------
! to check status & url block counts
!
show policy-map type inspect zone-pair Inside->Internet urlfilter

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top