Protocol Filtering

estadlercisco · ‎10-03-2009

I have a 2851 doing URL filtering with Websense. The inspect is called websense and applied to the inside interface of the router. Any requests from clients would be hitting this interface only. URL filtering is working as advertised.

Websense has the capability to filter protocols, i.e. FTP, NNTP etc... How do I configure the router to redirect protocol requests from the client to websense?

Below is a snippet of the Router configuration:

ip inspect name websense http urlfilter

ip inspect name websense ssh

ip inspect name websense ftp

ip urlfilter audit-trail

ip urlfilter urlf-server-log

ip urlfilter server vendor websense 10.60.7.36

interface GigabitEthernet0/0

description **LAN**

ip address 10.60.254.2 255.255.255.0

ip accounting output-packets

ip wccp 61 redirect in

ip nat inside

ip inspect websense in

ip virtual-reassembly

duplex auto

speed auto

snmp trap link-status permit duplicates

Giuseppe Larosa · ‎10-04-2009

Hello Eric,

you have configured both WCCP and IP inspect on the interface.

IP inspect is a filter, WCCP has the capabilities to divert traffic to a web cache.

WCCPv2 is not limited to HTTP traffic, so you should see to whom the feature is redirecting traffic.

Eventually you should modify WCCP group 61 configuration to divert the other protocols to the websense appliance.

if this is not possible, that is WCCP destination is another device and/or Websense doesn't talk WCCP you should think to use PBR instead of WCCP.

PBR using multiple route-map clauses can do what you need.

Hope to help

Giuseppe

estadlercisco · ‎10-04-2009

WCCP is being used for WAAS. I'm not sure if websense talks WCCP, i'll read on that one. Can I specify 2 WCCP lists on the same interface in the same direction?

Giuseppe Larosa · ‎10-04-2009

Hello Eric,

I may be wrong but I don'think websense can talk WCCP.

being this a sw based router you should be able to add PBR for the Websense.

Hope to help

Giuseppe