Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4697
Views
0
Helpful
13
Replies

TrendMicro Interscan on ASA - block https??

Go to solution
dimensyssrl
Level 1
Level 1

‎06-16-2009 05:46 AM - edited ‎02-21-2020 03:31 AM

Is it possible to block urls that link to an https site? I've configured ASA to redirect to it this type of traffic, but it doesn't block it...

Thanks

Daniele

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dfarrell
Level 1
Level 1
In response to kwillacey

‎07-31-2009 04:33 PM

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc1.html

..."Trend Micro InterScan for Cisco CSC SSM (Content Security and Control Security Services Module) provides an all-in-one antivirus and spyware management solution for your network. This guide provides a conceptual explanation of how to manage the CSC SSM, which is resident in your Cisco appliance to do the following:

•Detect and take action on viruses, worms, Trojans, and other threats in your SMTP, POP3, HTTP, and FTP network traffic

Note Traffic utilizing other protocols, such as HTTPS, is not scanned by CSC SSM.

•Block compressed or very large files that exceed specified parameters

•Scan for and remove spyware, adware, and other types of grayware ..."

View solution in original post

0 Helpful
13 Replies 13

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-16-2009 11:57 PM

Different web servers implement redirection in different ways, it would be very difficult to block all of these on the ASA).

You want to block HTTPS websites or redirection? This redirection is actually a security enhancement feature, why do you want to block it?

Regards

Farrukh

0 Helpful

Go to solution
dimensyssrl
Level 1
Level 1
In response to Farrukh Haroon

‎06-25-2009 02:21 AM

I want to block certain sites/urls, like for example:

https://www.facebook.com/

Now I've configured InterScan to block this domain, but if I try to connect in https it doesn't block this connection (while if I try in http it block connection properly).

Thanks

Daniele

0 Helpful

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni
In response to dimensyssrl

‎06-25-2009 02:24 AM

Are you using Cisco ASA CSC module or a standalone TrendMicro IWSS?

Btw what string hvae you configured in the blocking? Have you used wildcards?

Regards

Farrukh

0 Helpful

Go to solution
dimensyssrl
Level 1
Level 1
In response to Farrukh Haroon

‎06-25-2009 02:31 AM

I'm using ASA CSC module.

I've configured:

Web (HTTP) --> URL Blocking --> URL keyword (example: 'yyy' string matches all URLs containing 'yyy')

and inserted there facebook.

So, CSC insert *facebook* into Block List.

But then it blocks only http connection and not https ones.

Into ASA configuration, I've configured http and https traffic to be redirected to CSC...

0 Helpful

Go to solution
dimensyssrl
Level 1
Level 1
In response to dimensyssrl

‎07-23-2009 02:54 AM

anyone that can help me?

0 Helpful

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni
In response to dimensyssrl

‎07-24-2009 10:52 PM

It works perfectly fine on our Trendmicro IWSS server, here is a sample block message:

IWSS Security Event

Access to this URL is currently restricted due to a blocking rule.

URL: www.apple.com:443

Rule: Block URLs of type Administrator-defined

If you feel you have reached this message in error, please contact your network administrator.

Please can you send me the screenshot of the page where you configured the block URLS in the CSC module?

Regards

Farrukh

0 Helpful

Go to solution
dimensyssrl
Level 1
Level 1
In response to Farrukh Haroon

‎07-29-2009 01:23 AM

Here it is.

There is asa traffic redirection configuration also.

My ip is into network 10.168.32.0/24.

If I try https://www.facebook.com/ it doesn't block me.

If I try http://www.facebook.com/ it block me.

Thanks and sorry for the delay in my reply.

Preview file
102 KB
0 Helpful

Go to solution
dimensyssrl
Level 1
Level 1
In response to dimensyssrl

‎07-30-2009 02:52 AM

I can't understand why this happens... Configuration is the same for http or https traffic...

Is there anybody out there that can explain me why?

0 Helpful

Go to solution
kwillacey
Level 3
Level 3
In response to dimensyssrl

‎07-31-2009 01:50 PM

As far as I know the csc trenmicro module does not do https, only http. Maybe you can confirm this with TAC.

0 Helpful

Go to solution
dfarrell
Level 1
Level 1
In response to kwillacey

‎07-31-2009 04:33 PM

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc1.html

..."Trend Micro InterScan for Cisco CSC SSM (Content Security and Control Security Services Module) provides an all-in-one antivirus and spyware management solution for your network. This guide provides a conceptual explanation of how to manage the CSC SSM, which is resident in your Cisco appliance to do the following:

•Detect and take action on viruses, worms, Trojans, and other threats in your SMTP, POP3, HTTP, and FTP network traffic

Note Traffic utilizing other protocols, such as HTTPS, is not scanned by CSC SSM.

•Block compressed or very large files that exceed specified parameters

•Scan for and remove spyware, adware, and other types of grayware ..."

0 Helpful

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni
In response to dimensyssrl

‎08-05-2009 12:25 AM

Dear Daniele

I mentioned in my post that it works on a standalone Trendmicro IWSS server, meaning we have the IWSS software running on our proxy servers (via proxy chaining). HTTPS filtering works on the Standalone IWSS software.

(As it appears from the documentation) Cisco/Trend Micro have disabled this HTTPS filtering capability in the CSC Module's IWSS software. Only Cisco/TM can comment on this, but it could be due to performance issues, CSC topology (traffic via back plane) etc.

Regards

Farrukh

0 Helpful

Go to solution
dimensyssrl
Level 1
Level 1
In response to Farrukh Haroon

‎08-05-2009 01:12 AM

Thanks to all.

Daniele

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card