Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

URL Filtering Questions

As possible Microsoft ISA server replacement next year, I would like to move URL filtering to the ASA systems if possible. Can anyone tell if using the ASA for this is a good alternative?

Here is what I would like.

1.) The ability to block certain URLs from being accessing by employees.

2.) The ability to track and report of employee Internet usage.

3 REPLIES
Cisco Employee

Re: URL Filtering Questions

asa works in conjunction with websense or smartfilter for url filtering.

all http/https/ftp etc reqeusts are redirected to these servers wherein url filtering rules are applied.

if u do not have these boxes,u can also use inbulit asa's capability to use regex ( regular expression ) to block urls.

For ex. , blocking myspace :

RUNNING CONFIGURATION (SNIPPET):

================================

ciscoasa(config)# sh run

: Saved

:

ASA Version 7.2(2)

!

hostname ciscoasa

regex block-website ".\myspace.\com"

!

class-map type regex match-any cm-block-website

match regex block-website

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map type inspect http pm-block-website

parameters

match request header host regex class cm-block-website

drop-connection log

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect http pm-block-website

!

service-policy global_policy global

!

LOGS OBTAINED:

==============

%ASA-5-415008: HTTP - matched request header host regex class

cm-block-website in policy-map pm-block-website, header matched - Dropping

connection from Inside:77.66.55.2/1958 to outside: 216.178.39.74/80

%ASA-6-302014: Teardown TCP connection 2036 for outside:216.178.39.74/80 to

inside:77.66.55.2/1958 duration 0:00:00 bytes 0 Flow closed by inspection

Here is a link that explains how to use MPF:

-- Using Modular Policy Framework:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mpc.h

tml

#####

asa has limited capabilities to track internet usage.u can use some 3rd party tool for that.

hTh

Sushil

TAC

New Member

Re: URL Filtering Questions

Thanks for your reply! That was very helpful information. Do you know what 3rd party tools are out there for tracking usage? We would want to track based on network userid.

Cisco Employee

Re: URL Filtering Questions

Commercial products that creates graphs and analyzes Syslog to generate stats could be:

- FireGen http://www.eventid.net/firegen/

- Try this one FWLOGSUM (Freeware).

http://www.ginini.com/software/fwlogsum/

http://www.ginini.com/software/fwlogsum/converters/

It uses basicly PERL scripts and supports a wide range of Firewalls. You just need to install Perl in your Windows environment.

- Try Sawmill (Eval version)

http://www.sawmill.net/

- EIQ Networks Network Security Analyzer eiqnetworks.com

Hope that gives you some ideas what to try.

225
Views
10
Helpful
3
Replies
CreatePlease to create content