Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX inspect http problem

WE have our PIX version 7.2(2) using http inspection and set to drop protocol violations. The problem is, that it drops the Microsoft Updates. Anybody have an idea how to allow the MS Updates to work while still using the inspect http policy.


Re: PIX inspect http problem

George, I believe you would have to work with creating policy and class-map to classify certain traffic, by default global policy does not inspect http but since you have altered this you would need to create a policy whereby you can apply acl to allow certain http traffic to not be ispected.

I have not done this as we have websence for filtering http but have read about it, if someone can point a good link that will be great or if there is any other way to do it.. if I find a good example link I will posted.



Re: PIX inspect http problem

George, this is the link you would want to reference , applying application layer protocol inspection, this covers module policy framework and class-maps for your particular request.

New Member

Re: PIX inspect http problem

Thanks. It took a little head scratching but it works now.

CreatePlease to create content