Solved: Web Filtering Cisco ASA 5510

Neji Jihed · ‎05-28-2013

Hello !

I m a netword administrator, and i have been looking how to setup web filtering in a network, we are using cisco asa 5510 as a firewall and i have been looking for a way to block url such as facebook and streaming web sites since users are allowed to access to any website and they have been downloding stuff lately and i cant controll the bandwith!!

What u guys recommand !

Thanks

Luis Silva Benavides · ‎05-30-2013

Hi Neji,

Here you have all the content security options available on the ASA. I think only the CX doesn't apply to your HW but the other options are available.

Block URLs using Regular Experessions (Regex)

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

CSC module:

http://www.cisco.com/en/US/products/ps6823/index.html

How to enable the CSC module:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html

ASA CX module (ASA 5512,5525,5545,5545,5555)

http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html

Scansafe:

http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/scansafe.html

Configuration Cisco Cloud Web Security

http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/protect_cloud_web_security.html#wp1559223

Ironport:

http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/ironport.html

How to integrate the ASA with Ironport (WCCP):

https://supportforums.cisco.com/docs/DOC-12623

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva

View solution in original post

Luis Silva Benavides · ‎05-30-2013

Hi Neji,

Here you have all the content security options available on the ASA. I think only the CX doesn't apply to your HW but the other options are available.

Block URLs using Regular Experessions (Regex)

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

CSC module:

http://www.cisco.com/en/US/products/ps6823/index.html

How to enable the CSC module:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html

ASA CX module (ASA 5512,5525,5545,5545,5555)

http://www.cisco.com/en/US/docs/security/asa/quick_start/cx/cx_qsg.html

Scansafe:

http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/scansafe.html

Configuration Cisco Cloud Web Security

http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/protect_cloud_web_security.html#wp1559223

Ironport:

http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/ironport.html

How to integrate the ASA with Ironport (WCCP):

https://supportforums.cisco.com/docs/DOC-12623

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva

Neji Jihed · ‎10-03-2013

Thanks a lot for your reply, actually i found a lot better solution,

i have made a squid server in the network with acl and proxy parent redirection ... and i have created an ACL on the inside interface inbound trafic allowing only the ip address of the proxy server on HTTP and HTTPS, i made the IP of the proxy the first ACL, and then i defined other ACL for SSH, Telnet and UDP going thouth the interface without problme, and that way all user on the network have to use the squid ip address to go to internet, other way to say this is that i have created a new gateway before the inside interface of the ASA, i have tested every thing its working 100% but i have always to keep an eye on the Virtual machine where squid is installed, to make sure is having eneough ram and disk space for logs and every thing else.

for any one who need help on this subject, i ready for your question, feel free to ask

Thank you