ASA websense, check primary server, then secondary

Unanswered Question
Sep 30th, 2008

We have websense for our url filtering,

Can ASA 5510 be set up to check a primary server, then if that is not available, to check the secondary.

Will the ASA check from top down?

url-server (inside) vendor websense host Websense timeout 10 protocol UDP version 4

url-server (inside) vendor websense2 host Websense timeout 10 protocol UDP version 4

filter url except 10.250.0.0 255.255.0.0 0.0.0.0 0.0.0.0 allow

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
suschoud Tue, 09/30/2008 - 05:29

Yes,

You can identify up to four filtering servers per context. The security appliance uses the servers in order until a server responds. You can only configure a single type of server (Websense or Secure Computing SmartFilter ) in your configuration.

ASA-5510-8x(config)# url-server (inside) vendor websense host 1.1.1.1

ASA-5510-8x(config)# url-server (inside) vendor websense host 1.1.1.2

Do rate helpful posts.

Regards,

Sushil

wilson_1234_2 Tue, 09/30/2008 - 06:17

Thanks for the reply,

Oops, I had it incorrect, it should be like this right?:

name 10.1.1.1 Websense

name 10.1.1.2 Websense2

url-server (inside) vendor websense host Websense timeout 10 protocol UDP version 4

url-server (inside) vendor websense host Websense2 timeout 10 protocol UDP version 4

filter url except 10.250.0.0 255.255.0.0 0.0.0.0 0.0.0.0 allow

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

wilson_1234_2 Mon, 10/06/2008 - 10:49

Since implementing this I am getting the "url server not responding" every five seconds.

Can I adjust this to something like having the ASA check every two minutes?

Actions

This Discussion