The Subscription-based Cisco IOS Content Filtering feature interacts with the Trend Micro URL filtering service so that HTTP requests can be allowed or blocked, and logged, based on a content filtering policy. The content filtering policy specifies how to handle items such as web categories, reputations (or security ratings), trusted domains, untrusted domains, and keywords. URLs are cached on the router, so that subsequent requests for the same URL do not require a lookup request, thus improving performance.
On August 17, 2012 the Identity certificate was changed on the Trend Micro server that the Cisco IOS device talks to. Since the new identity certificate is signed by a different Certificate Authority (CA), all users of the Cisco IOS Content Filtering feature must replace the CA certificate installed on the Cisco IOS device with the new CA certificate listed below, for the content filtering feature to continue working after August 17, 2012.
Affected users (which is all users who are using the Cisco IOS Content Filtering Feature), must log into their Cisco IOS device and update the CA Certificate for the Trend Micro server. In the below example, the trustpoint name is trendmicro, however it may be different on your specific device. You may however just copy and paste in the commands below (in configuration mode) to install the new CA certificate.
Step 1 - Remove Existing (old) CA Certificate
Issue the command no crypto pki trustpoint trendmicro (where trendmicro is the current name of your trustpoint). You will be prompted to ensure you want to delete the existing trustpoint, choose Yes.
Have some ISE 3595's on the shelf. (understand these are EOS as of March). Need to get them off the shelf and deployed. Believe there's a total of 40K possible endpoints at this time.Question regarding Hybrid deployment with the PAN+MNT in the ...
I am trying to have ISE ( v2.4 ) auto-enroll itself via SCEP to receive device certs from an external SCEP server ( LINUX ).however i am not seeing the 'crypto pki trustpoint' command on the ISE server via which i am to configure / request for cert via th...
Hi Guys, anybody here knows what is the use of the command below in the switches? aaa accounting identity start-stop group radius? I searched over the internet but it have only minimal information. Thanks for the help.
Dear Cisco ISE Community,
I’m looking for a suggestion, or a best practice, to effectively combine the redirection to ISE Captive Portal with the usage of a web proxy, on a non-standard port.
Are you aware of any indication on this topic?
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...