Catalyst 6500 block http incomplete request?

Unanswered Question
Aug 8th, 2007

Hello everyone,

I have Catalyst 6500 in my nework, topology like this:

Users (many VLANs) ---> Catalyst6500 ---> SquidProxy ---> Internet

Many users have suffered from virus, there are many request to some sites not real in the internet (ex: winibm.com,..); that causes SquidProxy out of service (down).

I want to block these requests on the Cat6500 so I use IP INSPECT feature, in the following link:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_white_paper0900aecd804e5098.shtml

But it seems not to work as I expected: the users go to the Internet very slow, sometime Squid-Proxy is again down.

My question is :

Is there any feature in Catalyst 6500 that solve the problem?

If not, Which module or line card can I upgrade to the Catalyst 6500 to solve thoroughly?

Catayst 6500 use:

- IOS: s72033-ipservicesk9-mz.122-18.SXF6.bin

- CEF720 24 port 1000mb SFP WS-X6724-SFP

- 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX

- Supervisor Engine 720 WS-SUP720-3B

My config is:

!

ip inspect max-incomplete high 1200

ip inspect max-incomplete low 1000

ip inspect one-minute low 300

ip inspect one-minute high 400

ip inspect tcp max-incomplete host 50 block-time 10

ip inspect name DDOS http

ip inspect name DDOS tcp

!

interface Vlan100

description ### To Squid Proxy ###

ip inspect DDOS out

!

Many Thanks,

Phuong

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wochanda Thu, 08/09/2007 - 05:33

Since CBAC is not supported in the hardware forwarding path of the 6500, it is likely the slowness you're seeing is a result of all of these packets being sent to software.

If you're looking for a faster way of doing URL filtering and firewall on the 6500, you probably want to look at the FWSM module. Here is the documentation:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/intro_f.html

nvanphuong Thu, 08/09/2007 - 20:48

Thanks for reply,

"Since CBAC is not supported in the hardware forwarding path of the 6500"

->I really need some links or documents talking about this.

Actions

This Discussion