cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
426
Views
0
Helpful
4
Replies

filter url http

mahesh18
Level 6
Level 6

Hi Everyone,

Our ASA  has below config here

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

We have websense configured that has connection to ASA  to block some http and https traffic.

Need to understand what does above config do on the ASA?

Regards

MAhesh

2 Accepted Solutions

Accepted Solutions

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

This command will send all http traffic to websense for evaluation.

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

These commands also send http traffic to websense for evaluation, but when dealing with a longer than permitted URL it will only send the IP address portion of the URL or the hostname for evaluation.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Does the above config means to bypass the websense and directly go to internet if source is from 172.31.128.x?

You are correct, a filter with the exept keyword will exempt all traffic that is defined in that filter from being sent to the filter server.

Does this mean that if rule 1 is matched first just like ACL  it will allow the http traffic from 172.31.128?

Yes, the match is based on a first match logic as with ACLs.

Another thing to ask is if the browser has no proxy config then traffic will come to firewall first and depending on the

config there it will forward the traffic first to the websense or  internet?

Again correct.

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

4 Replies 4

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

This command will send all http traffic to websense for evaluation.

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

These commands also send http traffic to websense for evaluation, but when dealing with a longer than permitted URL it will only send the IP address portion of the URL or the hostname for evaluation.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

ASA  has  this config  lines

filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

Does the above config means to bypass the websense and directly go to internet if source is from 172.31.128.x?

and this includes http and https traffic?

if we have below config in following order

filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0   rule 1

filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

Does this mean that if rule 1 is matched first just like ACL  it will allow the http traffic from 172.31.128?

Another thing to ask is if the browser has no proxy config then traffic will come to firewall first and depending on the

config there it will forward the traffic first to the websense or  internet?

Regards

MAhesh

Does the above config means to bypass the websense and directly go to internet if source is from 172.31.128.x?

You are correct, a filter with the exept keyword will exempt all traffic that is defined in that filter from being sent to the filter server.

Does this mean that if rule 1 is matched first just like ACL  it will allow the http traffic from 172.31.128?

Yes, the match is based on a first match logic as with ACLs.

Another thing to ask is if the browser has no proxy config then traffic will come to firewall first and depending on the

config there it will forward the traffic first to the websense or  internet?

Again correct.

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts

Many thanks Marius.

Best regards

Mahesh

Message was edited by: mahesh parmar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: