
filter url http

Hi Everyone,

Our ASA has the below config here

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

We have Websense configured that has a connection to the ASA to block some http and https traffic.

Need to understand what does above config do on the ASA?

Regards

Mahesh

4 REPLIES

filter url http

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

This command will send all http traffic to websense for evaluation.

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

These commands also send http traffic to websense for evaluation, but when dealing with a longer than permitted URL it will only send the IP address portion of the URL or the hostname for evaluation.

--

Please remember to rate and select a correct answer

filter url http

Hi Marius,

ASA has these config lines

filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

Does the above config mean to bypass the Websense and directly go to internet if source is from 172.31.128.x?

And this includes http and https traffic?

If we have below config in following order

filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0   rule 1

filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate

Does this mean that if rule 1 is matched first just like ACL it will allow the http traffic from 172.31.128?

Another thing to ask is if the browser has no proxy config then traffic will come to firewall first and depending on the config there it will forward the traffic first to the Websense or internet?

Regards

Mahesh

filter url http

Does the above config mean to bypass the Websense and directly go to internet if source is from 172.31.128.x?

You are correct, a filter with the except keyword will exempt all traffic that is defined in that filter from being sent to the filter server.

Does this mean that if rule 1 is matched first just like ACL it will allow the http traffic from 172.31.128?

Yes, the match is based on a first match logic as with ACLs.

Another thing to ask is if the browser has no proxy config then traffic will come to firewall first and depending on the config there it will forward the traffic first to the Websense or internet?

Again correct.

--

Please rate all helpful posts

--

Please remember to rate and select a correct answer
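
The first-match evaluation described in the reply above, as an added Python example that is not from the thread or from Cisco. It models only the `filter url` / `filter https` forms quoted in this thread and takes the strict top-down ordering from the reply as an assumption; the names `parse` and `decide`, the action labels and the sample addresses are made up for illustration.

```python
import ipaddress

# Constructed from the filter lines quoted in the thread, in the poster's order.
CONFIG = """\
filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0
filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0
filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0
filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate
filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate
"""


def parse(config):
    """Turn 'filter url|https ...' lines into rule dicts, keeping config order."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "filter" or tok[1] not in ("url", "https"):
            continue  # not one of the filter forms shown in the thread
        rules.append({
            "proto": "http" if tok[1] == "url" else "https",
            "exempt": tok[2] == "except",
            "local": ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False),
            "foreign": ipaddress.ip_network(f"{tok[5]}/{tok[6]}", strict=False),
            "options": tok[7:],  # e.g. longurl-truncate
        })
    return rules


def decide(rules, proto, src, dst):
    """Return (action, options) for the first rule matching proto/src/dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] == proto and s in r["local"] and d in r["foreign"]:
            action = "bypass-filter-server" if r["exempt"] else "send-to-filter-server"
            return action, r["options"]
    return "no-filter-rule", []


if __name__ == "__main__":
    rules = parse(CONFIG)
    # 203.0.113.10 is a documentation address standing in for an internet host.
    for proto, src in [("http", "172.31.130.5"), ("https", "172.31.130.5"),
                       ("http", "172.31.10.5"), ("http", "192.168.5.5"),
                       ("https", "10.1.1.1")]:
        print(proto, src, decide(rules, proto, src, "203.0.113.10"))
```

Note that 172.31.128.0/18 sits inside 172.16.0.0/12, so under this first-match model a host such as 172.31.130.5 bypasses the filter server only because the `except` line comes before the 172.16.0.0 line.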

Re: filter url http

Many thanks Marius.

Best regards

Mahesh

Message was edited by: mahesh parmar
