Hi everybody, I have a question for the CSC experts,
I want to know if the CSC Module with Trend Micro software will help me to allow my client's users to navigate only from 12h00 to 13h00,
I know I could configure that and that it works, but I'll explain myself a little bit, so you could help me with my doubt.
1.- As far as I know if I use a Time ACL with the ASA i could deny users to navigate (http) in a period of time, but I could not deny the users that has establish a session before, this only works with users that want to establish a new session between the period of time configure. (I have read several documents that explain that).
2.- I know that with a proxy server each connection is treated as a new session, so the CSC (that works like a proxy server) should work like this.
3.- So the problem that happens with the ASA time acl (explain in #1) doesn't happens with the CSC, is this true?. If a user that has been navigating in the hours permitted by the network administrator continues navigating in the hours not permitted he'll get a denied message or i must as the asa clear all the connections?. so when the new connection is established with the CSC the user will get http denied.
hope I explain myself and someone could clarify me this.
My client doesn't have the ASA CSC Module, I'am asking this because I need to offer him a solution.
Yes, you can configure this behavior with the CSC module. To do this, you can configure all hours as "Work Hours", except for 1200 to 1300, which would be defined as "Leisure Hours". Then, you can configure the URL filtering function to filter all sites during Work Hours, but allow sites to be unfiltered during your Leisure Hours.
Time based ACLs on the ASA will also solve your problem. You are right to say that existing connection will still go through, but HTTP connections don't stay. After the page is up they are torn down. So new pages will initiate new connections and thus be subject to the time based ACL.
Still, the CSC will also solve your issue. In the module you can set Leisure and Work hors and allow HTTP pages during each period. So I would block all pages (star in the URL field) during the Work hours and allow during the leisure.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...