Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Silver

SA520 / SA540 - URL Content filtering on another port

Hello community,

I would like to know if it was possible to block an URL with SA520/SA540 if in the browser configuration I manually specify a proxy with a port different from port 80.

In my scenario :

If I don't define a proxy address in my browser and allow only www.cisco.com on the the SA, then it works => Access to www.cisco.com ONLY is authorized.

If in my browser I define a proxy address (with port 8080), I can access to other sites (SA520/540 rule are by-passed).

My goal is to filter with SA and proxy on port 8080. Is it possible to achieve that ?

Thanks a lot.

Regards.

Karim

4 REPLIES
Cisco Employee

Re: SA520 / SA540 - URL Content filtering on another port

Is port 8080 traffic matched in URL filtered class-map?

Please verify that.

PK

Silver

Re: SA520 / SA540 - URL Content filtering on another port

Hello PK and thanks for your feedback.

As I am a newbie on this kind of device, where in the SA520 GUI menus can I configue this URL filtered class-map in order to match port:8080 traffic ? I don't find it..

Thank you.

Cisco Employee

Re: SA520 / SA540 - URL Content filtering on another port

Yes, under the class-map you should be able to define an ACL to match your traffic that will be URL filtered.

You will be matching on source and destination (usually any) and then tcp port.

I hope it helps.

PK

Silver

Re: SA520 / SA540 - URL Content filtering on another port

Hello PK thank you very much for your collaboration on this post,but after having read again the SA 500 Series Security Applicances admin guide:

(http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911403.pdf),

I can find the configuration in GUI for approved/blocked URL is possible (Firewall on the menu bar, then Content Filtering > Approved URLs or Blocked URLs), but there is no such configuration for class-map in my Security Appliance GUI administration. Do you mean this matching acl under class-map has to be configured on another location?

Thanks again.

Karim

386
Views
0
Helpful
4
Replies