04-30-2014 02:48 AM - edited 03-11-2019 09:08 PM
I am running 4.0(7) and we are experiencing some issues with downloads - specifically http downloads. Anything with an https link works fine.
Looking into the config on the FWSM, I see that under the global_policy we are inspecting http:
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect http
I would like to remove inspect http as a test to see if this is causing our problems, but I am unsure of the impact of doing this.
Also, it is strange, as this option has been there for a long time and our download issues have only recently started to happen. It does seem to be only for http links, though.
I don't really understand what the inspection engine does?
04-30-2014 03:35 AM
If you don't have any config that needs the enabled http-inspection, then it's very likely that your HTTP-inspection basically doesn't do anything. And based on your description I would assume that the problem should be somewhere outside the FWSM.
Do you see anything in the log regarding the problems?
If you really don't need the inspection (any "filter"-command on the FWSM?) then I would just remove the inspection:
policy-map global_policy
 class inspection_default
  no inspect http
05-01-2014 08:33 AM
I agree with Karsten.
Also verify that you don't have any http proxy or url-filter service configured.
05-01-2014 08:33 AM
Well,
I removed the http inspection and it broke all inbound and outbound web services!
Then I discovered this:
url-server (WEB-Sense) vendor websense host 10.*.*.* timeout 30 protocol TCP version 1 connections 5
filter url except 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 allow
This web-sense server is down and no longer used.
But am I correct to assume that the presence of this config caused a problem, as all http was trying to go via the Websense, but with the http inspection enabled it is able to go out direct?
I am unclear as to exactly how the inspection and the url-server / filter url commands interact.
Thanks
Roger
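The pre-change check suggested in the replies above (look for any "filter" or url-server commands before removing inspect http), as an added example that is not part of the original thread. It assumes the running config has been saved as text; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample, modelled on the config fragments quoted in this thread.
SAMPLE_CONFIG = """\
url-server (WEB-Sense) vendor websense host 10.*.*.* timeout 30 protocol TCP version 1 connections 5
filter url except 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 allow
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
"""

# Commands the replies say to look for before removing "inspect http".
DEPENDENT = re.compile(r"^(url-server|filter)\b")

def audit_http_inspection(config_text):
    """Return ([(policy, class)] that inspect http, [filter/url-server lines])."""
    inspected, dependents = [], []
    policy = klass = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        top_level = not raw[0].isspace()
        if line.startswith("policy-map "):
            policy, klass = line.split()[-1], None
        elif DEPENDENT.match(line):
            dependents.append(line)
            policy = klass = None
        elif policy and line.startswith("class "):
            klass = line.split()[-1]
        elif policy and klass and line.split()[:2] == ["inspect", "http"]:
            inspected.append((policy, klass))
        elif top_level and not line.startswith("inspect "):
            policy = klass = None  # left the policy-map block
    return inspected, dependents

def removal_report(config_text):
    """One-line verdict to read before typing 'no inspect http'."""
    inspected, dependents = audit_http_inspection(config_text)
    if not inspected:
        return "inspect http is not configured"
    if dependents:
        return "REVIEW FIRST: %d filter/url-server line(s) present" % len(dependents)
    return "no filter/url-server lines found"

if __name__ == "__main__":
    print(removal_report(SAMPLE_CONFIG))
```

The parser also accepts a config pasted without indentation, as in the first post, because unindented inspect lines are treated as still belonging to the current class.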