This document provides an example of how to block a website, such as Facebook, using local content filtering on Cisco IOS-based routers.
The challenge is to block a social media site, or any other website, on the router at the edge of the network so that no one inside the network can connect to the blocked site. Typically you would use a Websense, N2H2, or Trend Micro server to filter the traffic; here, however, the filtering is configured locally in IOS on the router.
The following example assumes that you have a fair understanding of configuring the zone-based firewall (ZBF) on Cisco IOS routers. Enter the following configuration to block the website "facebook" based on the patterns "*.facebook.com" or "facebook.com".
This section sets the content filtering type to "local" on the IOS. The other options are "trend", "n2h2", and "websense".
parameter-map type urlfpolicy local U-FILTER
 block-page message "This webpage is blocked by the Network Admin."
This section specifies the content filtering patterns that match the desired site, such as Facebook.
parameter-map type urlf-glob FB
 pattern facebook.com
 pattern *.facebook.com
This section specifies the content filtering pattern that matches all other sites, so that they can be permitted later.
parameter-map type urlf-glob ALLOWED
 pattern *
This section defines the URL filter classes that match the patterns created earlier.
class-map type urlfilter match-any BLOCK
 match server-domain urlf-glob FB
class-map type urlfilter match-any ALLOWED
 match server-domain urlf-glob ALLOWED
This section specifies the traffic that the Cisco IOS will inspect or match.
class-map type inspect match-any DNS
 match protocol dns
class-map type inspect match-any HTTP
 match protocol http
class-map match-all HTTPS
 match protocol secure-http
class-map type inspect match-all HTTPS1
 match protocol https
This section specifies a policy map that ties the filter classes to the action to be taken for each.
policy-map type inspect urlfilter BLOCK
 parameter type urlfpolicy local U-FILTER
 class type urlfilter BLOCK
  reset
 class type urlfilter ALLOWED
  allow
This section specifies the traffic classes and their inspection.
policy-map type inspect INOUT
 class type inspect HTTP
  inspect
  service-policy urlfilter BLOCK
 class type inspect DNS
  inspect
 class type inspect HTTPS1
  inspect
This section ties the inspection service policy to the zone-pair.
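The decision this configuration produces can be traced offline with the following added example, which is not part of the original document and is not IOS code. It assumes urlf-glob patterns behave like shell-style globs, that urlfilter classes are tried in the order listed, and that the BLOCK and ALLOWED classes carry "reset" and "allow" actions; it also makes visible that the urlfilter policy is attached only to the HTTP class.

```python
# Added example: a toy model of the filtering decision on this page, not IOS code.
from fnmatch import fnmatchcase

# urlf-glob parameter maps; patterns are the ones named in the page text.
URLF_GLOBS = {
    "FB": ["facebook.com", "*.facebook.com"],
    "ALLOWED": ["*"],
}

# policy-map type inspect urlfilter BLOCK: (class-map, urlf-glob, action).
# Assumption: classes are tried in order and the actions are reset/allow.
URLFILTER_POLICY = [("BLOCK", "FB", "reset"), ("ALLOWED", "ALLOWED", "allow")]

# policy-map type inspect INOUT: True where "service-policy urlfilter" is attached.
INSPECT_POLICY = {"http": True, "dns": False, "https": False}


def urlfilter_action(host):
    """Return (class, action) for an HTTP server domain; first match wins."""
    host = host.split(":")[0].rstrip(".").lower()  # drop port and trailing dot
    for class_name, glob_name, action in URLFILTER_POLICY:
        if any(fnmatchcase(host, p) for p in URLF_GLOBS[glob_name]):
            return class_name, action
    return None, "allow"  # unreachable while ALLOWED holds the "*" catch-all


def decide(protocol, host):
    """Model the outcome for one connection crossing the zone-pair."""
    if protocol not in INSPECT_POLICY:
        return "drop (class-default)"  # ZBF drops unmatched traffic by default
    if not INSPECT_POLICY[protocol]:
        return "inspect only, no URL filter"
    class_name, action = urlfilter_action(host)
    return f"{action} ({class_name})"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("http", "facebook.com"),
        ("http", "www.facebook.com"),
        ("http", "notfacebook.com"),
        ("https", "www.facebook.com"),
    ]
    for proto, host in samples:
        print(f"{proto:5} {host:20} -> {decide(proto, host)}")
```

The last sample shows that the same site requested over HTTPS is inspected but never reaches the URL filter, so verify HTTPS handling separately when validating the block.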