Content Security Module for ASA - SSM-CSC

Answered Question
Sep 8th, 2008

Hi,

Is it possible with that module to filter some of the users filtered (like restricting facebook.com) and others unfiltered? I mean if user based filtering is possible?

thx

I have this problem too.
0 votes
Correct Answer by suschoud about 8 years 2 months ago

In asa,you define what traffic should be sent to csc for scanning purpose.

In the acl where you define the traffic,add an entry denying the source ip addresses for which you do not want filtering to be done.

class-map CSC-C

match access-list CSC-TRAFFIC

policy-map global_policy

class CSC-C

csc fail-open

access-list CSC-TRAFFIC line 1 extended deny tcp host x.x.x.x any eq 80

access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80

access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp

In the above example,web traffic from x.x.x.x will not be sent to csc...

HTH

Sushil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
suschoud Tue, 09/09/2008 - 09:47

In asa,you define what traffic should be sent to csc for scanning purpose.

In the acl where you define the traffic,add an entry denying the source ip addresses for which you do not want filtering to be done.

class-map CSC-C

match access-list CSC-TRAFFIC

policy-map global_policy

class CSC-C

csc fail-open

access-list CSC-TRAFFIC line 1 extended deny tcp host x.x.x.x any eq 80

access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80

access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp

In the above example,web traffic from x.x.x.x will not be sent to csc...

HTH

Sushil

Actions

This Discussion