Inspection not working properly

cisconoobie
Level 2

I need some help with this.

I created a new security policy rule that inspects HTTP traffic for .bittorrent. I applied it to the global. The global already inspects certain default inspections.

It works OK and stops users from downloading .bittorrent files, but everything else HTTP is messed up, like I can't get to Windows Update or use other services.

My Setup is this:

Global default inspection policy to inspect traffic. I created a new HTTP inspection policy and added it to global. Is there an implicit deny for these policies? How do I make sure that both global policies go through?

I also have an outside policy for certain traffic to be LLQ.

3 Replies

ymzhang
Level 1

Hi,

You need to give more context here. What platform are you using? What is the OS version?

If you are using the feature on Cisco routers, please check http://www.cisco.com/go/iosfirewall and http://www.cisco.com/go/iosips

The feature you are referring to should be under iosfirewall; look for application firewall. You can also try IOS IPS, which is a signature-based IPS system.

Thanks,

-Chris

mhellman
Level 7

You might try disabling the HTTP RFC compliance checking. I don't have a device in front of me, but I believe it's a checkbox that only shows up in the "advanced" view. I think it's checked by default.

I contacted Cisco TAC and found out that they have a bug with HTTP inspection on ASA5500 7.2. Basically, if you create an HTTP inspection rule, you have to set "Protocol Violations" to log only, otherwise it will not allow things like ActiveX, etc.
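
The workaround from the last reply, written out as ASA CLI configuration. This is an added example, not a configuration posted in the thread or taken from Cisco; the names TORRENT_EXT and HTTP_BLOCK are hypothetical, the regex uses the extension string as the original poster wrote it, and the default `global_policy` / `inspection_default` names are assumed.

```cisco
! Constructed example. TORRENT_EXT and HTTP_BLOCK are hypothetical names.
! The pattern is the extension string as given in the original post.
regex TORRENT_EXT "\.bittorrent"
!
policy-map type inspect http HTTP_BLOCK
 parameters
  ! Setting that broke other HTTP traffic in the thread (drop on violation):
  !   protocol-violation action drop-connection
  ! Workaround reported in the thread: log protocol violations only.
  protocol-violation action log
 ! Drop and log only the requests whose URI matches the regex.
 match request uri regex TORRENT_EXT
  drop-connection log
!
! Only one policy map can be applied globally, so the HTTP inspection map
! is attached to "inspect http" inside the existing global policy rather
! than added as a second global policy.
policy-map global_policy
 class inspection_default
  ! The other default inspections in this class stay as they are.
  inspect http HTTP_BLOCK
!
service-policy global_policy global
```

With the action set to log, protocol violations appear in syslog instead of closing the connection, so the logs can be reviewed to see which traffic the compliance check would otherwise have dropped.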
