10-28-2009 06:36 PM
Recently I have installed S650 and upgraded to latest available Asynch OS.
I am using Web filter engine of Cisco web usuage control not ironport content filter.
Problems associated are:
1. Web-based chat and IM (instant messaging) categorization is not happening properly. Ofcourse by creating customized web categoraization i could able to block gtalk from gmail.
2. Online trading sites are recognized as FINANCE category in IRONPORT Content filter, whereas those site should come under ONLINE TRADING category which is not happening and identified under FINANCE category.
Hope problem with web categorization engine problem. Please help me by providing right solution.
Note: Categorization for other websites are perfect.
10-29-2009 02:04 PM
I believe we may be experiencing a similar problem.
According to the lookup tool on the IronPort support site, Facebook is categorised as "Social Networking", whereas it always used to be "Personals & Dating". But our IronPort appliances don't have a Social networking category available, so we can't block it!
We've ended up having to manually block common social networking sites which is not good.
It almost looks like there has been a fairly significant change to the URL database, but the software on the appliances hasn't been updated to match.
Might log a support call to see what's going on, and will report back the results.
10-29-2009 04:57 PM
dangerousd,
Social Networking is included with Web Usage Controls licensing, not Ironport URL filters. Are you sure about your license?
10-29-2009 06:05 PM
Hey guys, I'm seeing a similar issue. Myspace/Facebook/Twitter used to be classified under Personals and Dating. An access log grep on the WSA now shows that they've been reclassified under blogs and forums. This presents a problem for us in that now all of our users can get to those sites since we allow blogs and forums. We were fine with blocking the entire personals and dating category but not the blogs and forums.
Was this reclassification intentional? I don't want to redo our access policies only to find it's changed back to personals and dating.
-Tim
10-30-2009 10:17 AM
Ignore the detail from my post!!
We're in the same boat as Tim. We recently allowed Blogs & Forums, but specifically blocked Personals & Dating. This does appear to be an error, because if you check the classification using the correct online tool (!), it still shows as Personals & Dating.
Think we need to raise this as a support issue.
10-30-2009 05:06 PM
Some of the confusion here may arise from our recent launch of a new URL filtering offering, Cisco IronPort Web Usage Controls. This is an alternative to the older IronPort URL Filters product.
I'll not go into the differences between the two here, but because we now have two URL filtering offerings, there are now two URL lookup tools on the support portal. Make sure you're using the correct lookup tool for the URL filtering license you have.
If you're running version 6.0 or earlier, you have IronPort URL Filters; the new offering requires version 6.3.
If you're running 6.3 and aren't sure which URL filter you're using, you can see this in the UI under Security Services -> Acceptable Use Controls
10-30-2009 05:12 PM
We are on version 5.6. Bottom line is the categorization of Facebook and Myspace was recently changed to Blogs and Forums. That broke our configuration because now all of our users can get to those sites without authenticating. Was the re-categorization by design? I would think high profile sites like those would not be switch without giving a heads up to the community.
10-30-2009 05:16 PM
Has it definitely changed though? If you check the IronPort URL filter tool (SurfControl) it's still showing as Personals & Dating for update version 2402 (which is what's running on our boxes).
But Tim's previous post shows that the actual category their assigned on the IronPort appliance is different - it's coming up as Blogs & Forums.
10-30-2009 05:24 PM
Grepping the logs and the policy trace tool is showing Blogs and Forums. My URL filtering engine is 5200 and the DB is at 2402.
10-30-2009 05:27 PM
Actually I just ran the policy trace again. Facebook is now back to Personals and Dating but Myspace is still Blogs and Forums. I would bet Facebook changed back in this 2402 update. Now how about Myspace?
10-31-2009 12:06 PM
hi...it seemed that this was also happened to me...
i already allowed the chat url category on my WSA running 6.0 version...but users cant access ym/msn.
is this somethin to do with the new version code?
11-02-2009 04:16 AM
whether WSA is in FORWARDED or TRANAPRENT ....?
If in TRANSPARENT mode, for traffic redirection WCCP or L4 switch is used....?
Please brief the design......
11-02-2009 03:15 PM
Siva - Are you directing that question to kira? I'm not sure how the proxy mode is relevant to URL categorization
12-09-2009 12:32 AM
Some of the confusion here may arise from our recent launch of a new URL filtering offering, Cisco IronPort Web Usage Controls. This is an alternative to the older IronPort URL Filters product.
I'll not go into the differences between the two here, but because we now have two URL filtering offerings, there are now two URL lookup tools on the support portal. Make sure you're using the correct lookup tool for the URL filtering license you have.
If you're running version 6.0 or earlier, you have IronPort URL Filters; the new offering requires version 6.3.
If you're running 6.3 and aren't sure which URL filter you're using, you can see this in the UI under Security Services -> Acceptable Use Controls
12-09-2009 12:30 PM
]
So after upgrading to 6.3 are we required to pay for the "IronPort Web Usage Controls" feature? I'm asking becuse we have almost three years left on our subscription and the option to choose "IronPort Web Usage Controls" is greyed out. Also it seems to be an either/or kind of thing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide