IOS Zone-based HTTP Inspection

gherbstman
Level 1

I am using a 2811 router with 12.4(15)T5 Advanced IP.

When enabling inspection on my HTTP out rule, several common websites do not function properly. This is not a problem on our other 2811 routers not using Zone-Based firewall. One example site that consistently does not work is ft.com.

I have played around with all the inspection settings, including setting it to allow rather than drop and the site still does not work.

Help is urgently needed.

Thanks

Gary Herbstman

Byte Solutions

http://bytesolutions.com

Byte Solutions, Managed Computer Services
https://www.bytesolutions.com 561.338.9696

hadbou
Level 5

Refer to the following url for more information on configuring IOS Zone-based HTTP Inspection:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_zone_polcy_firew.html#wp1052111

bstiff
Level 1

Did you configure the Zone FW with SDM? I assume that you selected the 'medium' or 'high' security levels, which enabled http app inspection, and applied protocol conformance checking. Unfortunately, some web servers/browsers took a different interpretation of some aspects of the http standards than the IOS Firewall developers. Thus, http protocol conformance checking ends up breaking some specific sites (yahoo mail, for instance). The easiest way to correct the problem is to use the 'low' security firewall. Next easiest is to edit the http inspection policy to remove strict-http application inspection. Post again if you need more details.
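Added example, not part of the thread and not Cisco or SDM code: a small Python audit that reads a saved running-config and reports which zone-based policy attaches an HTTP inspection policy that acts on protocol-conformance violations, so the stanza to edit can be located before changing anything. The sample config is constructed, every class-map and policy-map name in it is hypothetical, and it assumes the standard IOS zone-based firewall CLI in which conformance checking appears as `match req-resp protocol-violation`.

```python
import re
# Constructed sample; every class-map and policy-map name here is hypothetical.
SAMPLE_CONFIG = """\
class-map type inspect http match-any http-strict
 match req-resp protocol-violation
class-map type inspect http match-any http-long-uri
 match request uri length gt 2048
policy-map type inspect http http-appfw
 class type inspect http http-strict
  reset
  log
 class type inspect http http-long-uri
  log
policy-map type inspect in-to-out
 class type inspect web-out
  inspect
  service-policy http http-appfw
"""

def stanzas(config):
    """Group indented lines under their unindented header line."""
    out = []
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            out.append((line.strip(), []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def strict_http_findings(config):
    """Return (l4_policy, http_policy, http_class, actions) where conformance checks apply."""
    parsed = stanzas(config)
    strict = {h.split()[-1] for h, body in parsed if h.startswith("class-map type inspect http ")
              and "match req-resp protocol-violation" in body}
    enforcing = {}  # HTTP policy name -> {strict class name: [configured actions]}
    for h, body in parsed:
        cls = None
        for l in body if h.startswith("policy-map type inspect http ") else ():
            if l.startswith("class "):
                cls = l.split()[-1]
            elif cls in strict:
                enforcing.setdefault(h.split()[-1], {}).setdefault(cls, []).append(l)
    found = []
    for h, body in parsed:
        if re.match(r"policy-map type inspect (?!http )\S+$", h):  # layer 3/4 policies only
            for m in filter(None, (re.match(r"service-policy http (\S+)$", l) for l in body)):
                for cls, acts in enforcing.get(m.group(1), {}).items():
                    found.append((h.split()[-1], m.group(1), cls, acts))
    return found
```

Run `strict_http_findings()` on the text of `show running-config`; an empty list means no attached HTTP policy acts on protocol violations, so the breakage has another cause.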
