SDM Question

samirshaikh52
Level 2

Hi Experts,

I've downloaded and installed SDM v2.5 on my PC to access router 857. It works fine. But the issue is that I am unable to see the Application Security tab under Firewall and ACL.

What's the reason for that? Please advise.

Samir.

15 Replies

cadet alain
VIP Alumni

Hi,

What version of IOS have you got?

Regards.

Alain.

Don't forget to rate helpful posts.

Thanks for your response.

I apologize, it is a Cisco Router 877 and the running IOS is c870-advsecurityk9-mz.124-15.T12.bin

Samir

Hi,

Which version of JRE are you using and what's your OS?

Regards.

Alain.

Don't forget to rate helpful posts.

I'm using JRE 5 update 5, Windows 7 OS and IE9

Samir.

Hi,

Are you doing advanced firewall?

Regards.

Alain.

Don't forget to rate helpful posts.

I want to perform URL Filtering. For that reason I want to access application security.

Please see the attached snap which I cropped from one of the Cisco documents.

Hi,

Can you post the show run | begin zone| ip inspect output?

I think you have to use CBAC or ZBF to use this feature but I'm not 100% sure as I've used SDM only for certification purposes.

Regards.

Alain.

Don't forget to rate helpful posts.

Hi,

I've applied the above command but no output was received.

Regards

Samir

Hi,

Before you can do any URL filtering, you would need to create an application security policy on the router first:

Choose a Policy Name (from the drop-down list) > Action > Add

Enable URL filtering by ticking "Enable URL Filtering" box.

Sent from Cisco Technical Support iPhone App

Hi johnlloyd_13,

That's the issue: I cannot find the Application Security tab under Firewall and ACL. Please advise.

Hi,

Let me try to re-create your scenario with one of our 877s and let you know the outcome. Meanwhile, I would suggest re-installing SDM, trying another PC and web browser, and making sure you have turned off pop-up blocking and got the latest Java.

Also, I would recommend learning to implement IOS FW via CLI in case the router/SDM doesn't support it.

Sent from Cisco Technical Support iPhone App

Hi,

I've tried to simulate your issue and it doesn't seem to have the option for the security application tab as well. I'm using SDM v2.5 and 877 running IOS c870-advsecurityk9-mz.124-15.T6.bin.

My advice is to use the advanced firewall option instead for your URL filtering.

Advanced Firewall > Launch Selected task > select Untrust and Trust Interfaces > select Security Level

Here's the command summary before applying them (I didn't apply it because my router is in live production). See the bottom option for the URL filtering option.

----

Note: Do not select the interface through which you accessed SDM as the outside (untrusted) interface. If you do, you will not be able to launch SDM from that interface after you complete the Firewall Wizard.

Inside(trusted) Interfaces:

    Vlan1 (203.x.x.x)

Outside(untrusted) Interfaces:

    ATM0 (202.x.x.x)

Service Policy Configuration:

In-zone -> Out-zone:

    Inspect TCP,UDP,H323,SIP,SCCP and other protocols

    Deny packets with invalid ip address as source

Application Inspection for HTTP:

    Block HTTP port-misuse for IP,P2P

    Block HTTP protocol violation

    Block HTTP request methods other than post,head,get

    Allow port-misuse for tunneling with log

Application Inspection for Instant Messaging:

    Allow text chat services of msn,yahoo,aol with log action

    Deny other actions for msn,yahoo,aol

Application Inspection for P2P:

    Allow text-chat over edonkey and block download

    Allow download with fastrack,gnutella and kazaa2 with log

Application Inspection for Email:

    Log invalid command for imap,pop3

Self -> Out-zone:

    Inspect router generated ICMP traffic

Out-zone -> Self:

    Deny all other traffic.

URL Filter Server Configuration:  

    URL Filter Server Type:Secure Computing

    IP Address or Hostname:

Hi,

But this option was visible until I changed the java version. I could not remember which JRE version I was using.

Regards

Samir.

Hi,

If you're using a Windows PC, maybe you can do a system restore on the point or date on which it was working for you.

Otherwise, try the options I've suggested either using the Advanced FW or via CLI.

Sent from Cisco Technical Support iPhone App