We are setting up a websense url-filter for our location. We have the following set up for our routers that are doing auth-proxy and we have no issues with this.
ip inspect name websenseinternet http urlfilter
ip urlfilter urlf-server-log
ip urlfilter server vendor websense 172.20.63.75
ip urlfilter allow-mode on
These commands suit my company's needs no problem. We had to put the allow-mode on becasue the server locked up one day and the routers were denying all internet traffic.
My question, is there any allow-mode on commands for pix/asa devices? Any help will be greatly appreciated.
Yes, even pix/ASA have allow mode. At the end of "filter" statement you need
to add "allow" keyword which will ensure that the firewall will forward
traffic when the filtering server is unavailable.
Hope this helps.
The equivalent functionality on the ASA is to use the 'allow' keyword when you setup the 'filter url' command that passes traffic to the filtering server. Here is the command reference for it:
Hope that helps.