PIX inspect http problem

george.goebel · ‎10-19-2007

WE have our PIX version 7.2(2) using http inspection and set to drop protocol violations. The problem is, that it drops the Microsoft Updates. Anybody have an idea how to allow the MS Updates to work while still using the inspect http policy.

JORGE RODRIGUEZ · ‎10-19-2007

George, I believe you would have to work with creating policy and class-map to classify certain traffic, by default global policy does not inspect http but since you have altered this you would need to create a policy whereby you can apply acl to allow certain http traffic to not be ispected.

I have not done this as we have websence for filtering http but have read about it, if someone can point a good link that will be great or if there is any other way to do it.. if I find a good example link I will posted.

Rgds

Jorge

Jorge Rodriguez

JORGE RODRIGUEZ · ‎10-19-2007

George, this is the link you would want to reference , applying application layer protocol inspection, this covers module policy framework and class-maps for your particular request.

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/configuration/guide/inspect.html

Jorge Rodriguez

george.goebel · ‎10-22-2007

Thanks. It took a little head scratching but it works now.