SA520 / SA540 - URL Content filtering on another port

Unanswered Question
May 4th, 2010
User Badges:
  • Silver, 250 points or more

Hello community,

I would like to know if it was possible to block an URL with SA520/SA540 if in the browser configuration I manually specify a proxy with a port different from port 80.

In my scenario :

If I don't define a proxy address in my browser and allow only on the the SA, then it works => Access to ONLY is authorized.

If in my browser I define a proxy address (with port 8080), I can access to other sites (SA520/540 rule are by-passed).

My goal is to filter with SA and proxy on port 8080. Is it possible to achieve that ?

Thanks a lot.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Tue, 05/04/2010 - 13:50
User Badges:
  • Cisco Employee,

Is port 8080 traffic matched in URL filtered class-map?

Please verify that.


krahmani323 Wed, 05/05/2010 - 05:47
User Badges:
  • Silver, 250 points or more

Hello PK and thanks for your feedback.

As I am a newbie on this kind of device, where in the SA520 GUI menus can I configue this URL filtered class-map in order to match port:8080 traffic ? I don't find it..

Thank you.

Panos Kampanakis Wed, 05/05/2010 - 06:12
User Badges:
  • Cisco Employee,

Yes, under the class-map you should be able to define an ACL to match your traffic that will be URL filtered.

You will be matching on source and destination (usually any) and then tcp port.

I hope it helps.


krahmani323 Wed, 05/05/2010 - 07:40
User Badges:
  • Silver, 250 points or more

Hello PK thank you very much for your collaboration on this post,but after having read again the SA 500 Series Security Applicances admin guide:


I can find the configuration in GUI for approved/blocked URL is possible (Firewall on the menu bar, then Content Filtering > Approved URLs or Blocked URLs), but there is no such configuration for class-map in my Security Appliance GUI administration. Do you mean this matching acl under class-map has to be configured on another location?

Thanks again.



This Discussion