cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2136
Views
0
Helpful
15
Replies

Problem with categorization of websites

Recently I have installed S650 and upgraded to latest available Asynch OS.

I am using Web filter engine of Cisco web usuage control not ironport content filter.

Problems associated are:

1. Web-based chat and IM (instant messaging) categorization is not happening properly. Ofcourse by creating customized web categoraization i could able to block gtalk from gmail.

2. Online trading sites are recognized as FINANCE category in IRONPORT Content filter, whereas those site should come under ONLINE TRADING category which is not happening and identified under FINANCE category.

Hope problem with web categorization engine problem. Please help me by providing right solution.

Note: Categorization for other websites are perfect.

15 Replies 15

dingall
Level 1
Level 1

I believe we may be experiencing a similar problem.

According to the lookup tool on the IronPort support site, Facebook is categorised as "Social Networking", whereas it always used to be "Personals & Dating". But our IronPort appliances don't have a Social networking category available, so we can't block it!

We've ended up having to manually block common social networking sites which is not good.

It almost looks like there has been a fairly significant change to the URL database, but the software on the appliances hasn't been updated to match.

Might log a support call to see what's going on, and will report back the results.

kevin.somers
Level 1
Level 1

dangerousd,

Social Networking is included with Web Usage Controls licensing, not Ironport URL filters. Are you sure about your license?

Tim Jackson
Level 1
Level 1

Hey guys, I'm seeing a similar issue. Myspace/Facebook/Twitter used to be classified under Personals and Dating. An access log grep on the WSA now shows that they've been reclassified under blogs and forums. This presents a problem for us in that now all of our users can get to those sites since we allow blogs and forums. We were fine with blocking the entire personals and dating category but not the blogs and forums.

Was this reclassification intentional? I don't want to redo our access policies only to find it's changed back to personals and dating.


-Tim

dingall
Level 1
Level 1

Ignore the detail from my post!!

We're in the same boat as Tim. We recently allowed Blogs & Forums, but specifically blocked Personals & Dating. This does appear to be an error, because if you check the classification using the correct online tool (!), it still shows as Personals & Dating.

Think we need to raise this as a support issue.

David Paschich
Level 1
Level 1

Some of the confusion here may arise from our recent launch of a new URL filtering offering, Cisco IronPort Web Usage Controls. This is an alternative to the older IronPort URL Filters product.

I'll not go into the differences between the two here, but because we now have two URL filtering offerings, there are now two URL lookup tools on the support portal. Make sure you're using the correct lookup tool for the URL filtering license you have.

If you're running version 6.0 or earlier, you have IronPort URL Filters; the new offering requires version 6.3.

If you're running 6.3 and aren't sure which URL filter you're using, you can see this in the UI under Security Services -> Acceptable Use Controls

Tim Jackson
Level 1
Level 1

We are on version 5.6. Bottom line is the categorization of Facebook and Myspace was recently changed to Blogs and Forums. That broke our configuration because now all of our users can get to those sites without authenticating. Was the re-categorization by design? I would think high profile sites like those would not be switch without giving a heads up to the community.

dingall
Level 1
Level 1

Has it definitely changed though? If you check the IronPort URL filter tool (SurfControl) it's still showing as Personals & Dating for update version 2402 (which is what's running on our boxes).

But Tim's previous post shows that the actual category their assigned on the IronPort appliance is different - it's coming up as Blogs & Forums.

Tim Jackson
Level 1
Level 1

Grepping the logs and the policy trace tool is showing Blogs and Forums. My URL filtering engine is 5200 and the DB is at 2402.

Tim Jackson
Level 1
Level 1

Actually I just ran the policy trace again. Facebook is now back to Personals and Dating but Myspace is still Blogs and Forums. I would bet Facebook changed back in this 2402 update. Now how about Myspace?

angfeglandagan
Level 1
Level 1

hi...it seemed that this was also happened to me...

i already allowed the chat url category on my WSA running 6.0 version...but users cant access ym/msn.

is this somethin to do with the new version code?

whether WSA is in FORWARDED or TRANAPRENT ....?

If in TRANSPARENT mode, for traffic redirection WCCP or L4 switch is used....?

Please brief the design......

Tim Jackson
Level 1
Level 1

Siva - Are you directing that question to kira? I'm not sure how the proxy mode is relevant to URL categorization

whoisager
Level 1
Level 1

Some of the confusion here may arise from our recent launch of a new URL filtering offering, Cisco IronPort Web Usage Controls.  This is an alternative to the older IronPort URL Filters product.

I'll not go into the differences between the two here, but because we now have two URL filtering offerings, there are now two URL lookup tools on the support portal. Make sure you're using the correct lookup tool for the URL filtering license you have.

If you're running version 6.0 or earlier, you have IronPort URL Filters; the new offering requires version 6.3.

If you're running 6.3 and aren't sure which URL filter you're using, you can see this in the UI under Security Services -> Acceptable Use Controls

So after upgrading to 6.3 are we required to pay for the "IronPort Web Usage Controls" feature? I'm asking becuse we have almost three years left on our subscription and the option to choose "IronPort Web Usage Controls" is greyed out. Also it seems to be an either/or kind of thing.

john.phillips
Level 1
Level 1

]
So after upgrading to 6.3 are we required to pay for the "IronPort Web Usage Controls" feature? I'm asking becuse we have almost three years left on our subscription and the option to choose "IronPort Web Usage Controls" is greyed out. Also it seems to be an either/or kind of thing.


As far as I know there is no cost if you have already got an existing subscription, you need to have your licence upgraded / tweaked or "something" , We did this through our supplier. rather than Ironport support.
once this has happened the feature key is unlocked and available to download to the appliance.

Then with this key on the device the option under the "Acceptable Use Controls" section of the administration page is available..

It is an either / or option though, you can't run URL Filtering and Web Usage Controls at the same time, however you can disable the dymanic content analysis part of it if you don't like it. It is possible to switch back and forth between the two (URL filtering and WUC), however it wipes the settings of the categories so they all become "monitor" It doesn't touch your custom categories though

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: