Community Member

Allow mode on for ASA?

We are setting up a websense url-filter for our location. We have the following set up for our routers that are doing auth-proxy and we have no issues with this.

    ip inspect name websenseinternet http urlfilter
    ip urlfilter urlf-server-log
    ip urlfilter server vendor websense 172.20.63.75
    ip urlfilter allow-mode on

These commands suit my company's needs no problem. We had to put the allow-mode on because the server locked up one day and the routers were denying all internet traffic.

My question: are there any allow-mode on commands for PIX/ASA devices? Any help will be greatly appreciated.

2 ACCEPTED SOLUTIONS

Cisco Employee

Re: Allow mode on for ASA?

Hello,

The equivalent functionality on the ASA is to use the 'allow' keyword when you set up the 'filter url' command that passes traffic to the filtering server. Here is the command reference for it:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/ef.html#wp1933061

allow

When the server is unavailable, let outbound connections pass through the security appliance without filtering. If you omit this option, and if the N2H2 or Websense server goes off line, the security appliance stops outbound port 80 (Web) traffic until the N2H2 or Websense server is back on line.

Hope that helps.

-Mike

Cisco Employee

Re: Allow mode on for ASA?

Hello,

Yes, even pix/ASA have allow mode. At the end of "filter" statement you need to add "allow" keyword which will ensure that the firewall will forward traffic when the filtering server is unavailable.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

Hope this helps.

Regards,

NT
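
As an added example (not part of the thread or of Cisco's documentation): a small Python check that reads a saved IOS or ASA configuration and reports, for each URL-filtering rule, whether web traffic passes unfiltered or is blocked while the Websense server is unreachable. The function name `audit_url_filter` and the ASA sample lines are assumptions made for illustration; only the IOS lines and the server address come from the question.

```python
# Added example: classify URL-filter rules in a saved IOS/ASA config by what
# happens to web traffic while the filtering server is unreachable.

# Constructed sample configs. Only the IOS lines and the server address come
# from the question above; the ASA lines are assumptions for illustration.
IOS_SAMPLE = """\
ip inspect name websenseinternet http urlfilter
ip urlfilter server vendor websense 172.20.63.75
ip urlfilter allow-mode on
"""
ASA_SAMPLE = """\
url-server (inside) vendor websense host 172.20.63.75 timeout 30 protocol TCP version 4
filter url except 10.0.0.5 255.255.255.255 0 0
filter url http 0 0 0 0 allow
filter url 8080 10.1.0.0 255.255.0.0 0 0
"""


def audit_url_filter(config):
    """Return [(config line, state)], state in fail-open / fail-closed / exempt."""
    findings = []
    ios_server = None
    ios_allow_on = False
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:2] == ["filter", "url"] and len(tokens) > 2:
            if tokens[2] == "except":
                # Exempted hosts are never sent to the filtering server.
                state = "exempt"
            else:
                # 'allow' is an optional keyword after the address/mask fields.
                state = "fail-open" if "allow" in tokens[3:] else "fail-closed"
            findings.append((raw.strip(), state))
        elif tokens[:3] == ["ip", "urlfilter", "server"]:
            ios_server = raw.strip()
        elif tokens[:3] == ["ip", "urlfilter", "allow-mode"]:
            ios_allow_on = tokens[3:4] == ["on"]
    if ios_server:
        # IOS sets the behaviour once for the whole router, not per rule.
        findings.append((ios_server, "fail-open" if ios_allow_on else "fail-closed"))
    return findings


if __name__ == "__main__":
    for sample in (IOS_SAMPLE, ASA_SAMPLE):
        for line, state in audit_url_filter(sample):
            print(f"{state:12} {line}")
```

A fail-open result means an outage of the filtering server silently disables URL filtering for that rule, so it is worth pairing with monitoring of the server's availability.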
