Content Security Module for ASA - SSM-CSC

Answered Question
Sep 8th, 2008

Hi,

Is it possible with that module to have some of the users filtered (like restricting facebook.com) and others unfiltered? I mean, is user-based filtering possible?

thx

Marwan ALshawi Tue, 09/09/2008 - 03:57

It is possible based on source IP address, not user name.


if helpful Rate

Correct Answer
suschoud Tue, 09/09/2008 - 09:47

In ASA, you define what traffic should be sent to CSC for scanning purposes.

In the ACL where you define the traffic, add an entry denying the source IP addresses for which you do not want filtering to be done.

! Class-map selects traffic using the ACL below
class-map CSC-C
 match access-list CSC-TRAFFIC

! Traffic matching the class is sent to the CSC module;
! fail-open lets it pass if the module is unavailable
policy-map global_policy
 class CSC-C
  csc fail-open

! deny = not sent to CSC, permit = sent to CSC
access-list CSC-TRAFFIC line 1 extended deny tcp host x.x.x.x any eq 80
access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80
access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp

In the above example, web traffic from x.x.x.x will not be sent to CSC...

HTH

Sushil
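
The first-match behaviour of the CSC-TRAFFIC ACL in the answer above, as an added example that is not part of the original posts or any Cisco tool: a small Python evaluator that reports which flows the class-map would hand to the CSC module. The address 192.0.2.10 is a constructed stand-in for x.x.x.x, the function names are hypothetical, and the parser covers only the `host`/`any` and `eq` forms used in this thread.

```python
import ipaddress

# ACL from the answer above; 192.0.2.10 is a constructed stand-in for x.x.x.x.
ACL_TEXT = """\
access-list CSC-TRAFFIC line 1 extended deny tcp host 192.0.2.10 any eq 80
access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80
access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp
"""
PORT_NAMES = {"www": 80, "http": 80, "smtp": 25}

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in this thread."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if "extended" not in tokens:
            continue
        tokens = tokens[tokens.index("extended") + 1:]
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        if tokens.pop(0) != "eq":
            raise ValueError("only 'eq <port>' is supported: " + line)
        port = tokens.pop(0)
        port = int(port) if port.isdigit() else PORT_NAMES[port]
        entries.append((action, proto, src, dst, port))
    return entries

def sent_to_csc(entries, src_ip, dst_ip, dst_port, proto="tcp"):
    """First matching entry decides; no match means the class does not apply."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto == proto and src in e_src and dst in e_dst and dst_port == e_port:
            return action == "permit"
    return False  # implicit deny: traffic bypasses the CSC module

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for flow in [("192.0.2.10", 80), ("192.0.2.11", 80), ("192.0.2.10", 25), ("192.0.2.11", 8080)]:
        print(flow, "-> CSC" if sent_to_csc(acl, flow[0], "198.51.100.5", flow[1]) else "-> bypasses CSC")
```

With these three lines the exempted host's SMTP is still scanned, and web traffic on any port other than 80 is never sent to the module for any host. Moving the deny entry below the permit for port 80 makes the exemption ineffective.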

Marwan ALshawi Tue, 09/09/2008 - 20:17

I think you were asking about how to filter some websites based on users, so I told you that you can do it through source IP, not username.

However, it seems you were looking for how to send specific traffic to CSC.

Then this link will give all the details in that regard:


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808dea62.shtml


good luck


if helpful Rate
