Cisco Support Community
New Member

URL-Filtering Smartfilter and HTTPS

Ok....hopefully someone out there can assist me.

I have a dual failover scenario with two ASA 5520s that we are using for firewall purposes. I have the URL filtering set up on these ASAs, which are currently filtering HTTP traffic without any problems. However, when it comes to HTTPS....that's a whole other story. For some reason I can't get the ASA to send HTTPS traffic to the Smartfilter server.

ASA version = 8.2(1)

Smartfilter version = 4.1.1

Initially, before starting this endeavor, we were on a Cisco PIX failover scenario using version 7.1. I had contacted TAC and they explained that we had to upgrade in order to resolve this problem. Therefore, I removed the PIXes completely and put in the ASAs with 8.2(1) on them, thinking this would fix the problem. Nope!

I also contacted McAfee, new owner of Secure Computing which owns Smartfilter, and they advised that version 4.1.1 supports HTTPS filtering and it has to be something with the firewall.

Upon further investigation I did a 'show url-server stat' and noticed that I'm not sending any HTTPS requests to the filter.

*******************************************************************************

Global Statistics:
--------------------
URLs total/allowed/denied         968201/904693/63508
URLs allowed by cache/server      0/904693
URLs denied by cache/server       0/63508
HTTPSs total/allowed/denied       0/0/0
HTTPSs allowed by cache/server    0/0
HTTPSs denied by cache/server     0/0
FTPs total/allowed/denied         0/0/0
FTPs allowed by cache/server      0/0
FTPs denied by cache/server       0/0
Requests dropped                  0
Server timeouts/retries           0/37
Processed rate average 60s/300s   36/31 requests/second
Denied rate average 60s/300s      2/2 requests/second

**********************************************************************************

Here are the commands I have in my config that relate to the URL filtering setup.

url-server (inside) vendor smartfilter host xx.xxx.xxx.xxx port 4005 timeout 30 protocol UDP

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

It just doesn't seem as if my HTTPS traffic is making it to my Smartfilter. If anyone has any ideas, your help will be very VERY much appreciated.

Thanks in advance.

  • Firewalling
1 REPLY
Cisco Employee

Re: URL-Filtering Smartfilter and HTTPS

Pls. follow this link:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/ef.html#wp1970383

Try this command below instead of what you have.

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

-KS
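
The check this thread arrives at, as an added example that is not part of the original posts or any Cisco tooling: a Python script that parses `show url-server stat` output and the `filter` lines, then flags port 443 listed under `filter url` with no `filter https` line, and an HTTPS counter stuck at zero while HTTP lookups are flowing. The function names and the abridged sample input are constructed for illustration.

```python
import re

# Constructed sample input, abridged from the output and config quoted in the thread.
SAMPLE_STATS = """\
URLs total/allowed/denied         968201/904693/63508
URLs allowed by cache/server      0/904693
HTTPSs total/allowed/denied       0/0/0
FTPs total/allowed/denied         0/0/0
Server timeouts/retries           0/37
"""
SAMPLE_CONFIG = """\
url-server (inside) vendor smartfilter host xx.xxx.xxx.xxx port 4005 timeout 30 protocol UDP
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
"""

STAT_RE = re.compile(r"^(URLs|HTTPSs|FTPs) total/allowed/denied\s+(\d+)/(\d+)/(\d+)\s*$")
FILTER_RE = re.compile(r"^filter (url|https|ftp) (\S+) ")

def parse_totals(stats_text):
    """Return {'URLs': (total, allowed, denied), ...} from the statistics output."""
    totals = {}
    for line in stats_text.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            totals[m.group(1)] = tuple(int(n) for n in m.groups()[1:])
    return totals

def parse_filters(config_text):
    """Return a list of (filter_type, port_or_keyword) from 'filter ...' lines."""
    return [m.groups() for line in config_text.splitlines()
            if (m := FILTER_RE.match(line.strip()))]

def audit(stats_text, config_text):
    """Return findings for HTTPS filtering that is configured wrongly or idle."""
    totals, filters = parse_totals(stats_text), parse_filters(config_text)
    findings = []
    has_https = any(kind == "https" for kind, _ in filters)
    # Pattern from the thread: 443 is under 'filter url' instead of 'filter https'.
    if ("url", "443") in filters and not has_https:
        findings.append("port 443 is under 'filter url'; no 'filter https' line present")
    # HTTP requests reach the filter server but no HTTPS request ever does.
    if totals.get("URLs", (0,))[0] > 0 and totals.get("HTTPSs", (0,))[0] == 0:
        findings.append("HTTP lookups are flowing but HTTPS total is 0")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATS, SAMPLE_CONFIG):
        print("FINDING:", finding)
```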
