URL Filtering Questions

support
Level 1

As possible Microsoft ISA server replacement next year, I would like to move URL filtering to the ASA systems if possible. Can anyone tell if using the ASA for this is a good alternative?

Here is what I would like.

1.) The ability to block certain URLs from being accessing by employees.

2.) The ability to track and report of employee Internet usage.

3 Replies

suschoud
Cisco Employee

ASA works in conjunction with Websense or SmartFilter for URL filtering.

All HTTP/HTTPS/FTP etc. requests are redirected to these servers, wherein URL filtering rules are applied.

If you do not have these boxes, you can also use the ASA's inbuilt capability to use regex (regular expression) to block URLs.

For example, blocking myspace:

RUNNING CONFIGURATION (SNIPPET):

================================

ciscoasa(config)# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
regex block-website ".*\.myspace\.com"
!
class-map type regex match-any cm-block-website
 match regex block-website
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map type inspect http pm-block-website
 parameters
 match request header host regex class cm-block-website
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect http pm-block-website
!
service-policy global_policy global
!

LOGS OBTAINED:

==============

%ASA-5-415008: HTTP - matched request header host regex class cm-block-website in policy-map pm-block-website, header matched - Dropping connection from Inside:77.66.55.2/1958 to outside: 216.178.39.74/80
%ASA-6-302014: Teardown TCP connection 2036 for outside:216.178.39.74/80 to inside:77.66.55.2/1958 duration 0:00:00 bytes 0 Flow closed by inspection

Here is a link that explains how to use MPF:

-- Using Modular Policy Framework:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mpc.html

#####

ASA has limited capabilities to track Internet usage. You can use some 3rd party tool for that.

HTH

Sushil

TAC
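The `regex` line in the snippet above is the part that decides what gets dropped, and the two mistakes that are easiest to make in it are leaving the dots unescaped (`.` then matches any character) and leaving the pattern unanchored (a lookalike such as `www.myspace.com.example.net` still matches). The script below is an added example, not part of the reply or of any Cisco documentation: it uses Python's `re.search` as a stand-in for the unanchored, case-insensitive matching the ASA applies to the Host header, and runs three candidate patterns over a constructed list of Host values. The host names and the "anchored" pattern are my own; whether the ASA regex engine accepts the `(^|\.)` and `(:\d+)?$` constructs should be confirmed on the box with `test regex`. Note also that the `inspect http` policy only sees cleartext HTTP; an HTTPS request to the same site is not inspected this way.

```python
import re

# Constructed Host-header values (not from the thread). The last two are
# lookalikes that a loosely written pattern will match by mistake.
HOSTS = [
    "www.myspace.com",
    "myspace.com",
    "www.myspace.com:8080",
    "www.example.com",
    "www.myspace.com.example.net",
    "xmyspacexcom",
]

# Three candidate patterns for the ASA 'regex' line. Without anchors the ASA
# matches the regex anywhere in the header value, which re.search also does.
PATTERNS = {
    # dots left unescaped: '.' is a wildcard, so any single character is accepted
    "unescaped": r".myspace.com",
    # dots escaped (the form the reply intends), but still unanchored
    "escaped": r"\.myspace\.com",
    # escaped and anchored (my own suggestion): the whole host must be
    # myspace.com or a subdomain of it, optionally followed by a port
    "anchored": r"(^|\.)myspace\.com(:\d+)?$",
}


def host_matches(pattern, host):
    """Emulate an unanchored, case-insensitive regex match on a Host header."""
    return re.search(pattern, host, re.IGNORECASE) is not None


def evaluate(pattern, hosts=HOSTS):
    """Map each sample host to whether the pattern would cause a drop."""
    return {h: host_matches(pattern, h) for h in hosts}


if __name__ == "__main__":
    for name, pat in PATTERNS.items():
        print(f"{name:10s} {pat}")
        for host, hit in evaluate(pat).items():
            print(f"  {'DROP ' if hit else 'allow'}  {host}")
```

Running it shows the trade-offs: the unescaped pattern drops `xmyspacexcom`, the escaped but unanchored one still drops the `example.net` lookalike and misses the bare `myspace.com` (no leading dot to match), and only the anchored form treats the host as a domain rather than a substring.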

Thanks for your reply! That was very helpful information. Do you know what 3rd party tools are out there for tracking usage? We would want to track based on network userid.

Commercial products that create graphs and analyze Syslog to generate stats could be:

- FireGen http://www.eventid.net/firegen/

- Try this one FWLOGSUM (Freeware).

http://www.ginini.com/software/fwlogsum/

http://www.ginini.com/software/fwlogsum/converters/

It basically uses Perl scripts and supports a wide range of firewalls. You just need to install Perl in your Windows environment.

- Try Sawmill (Eval version)

http://www.sawmill.net/

- EIQ Networks Network Security Analyzer eiqnetworks.com

Hope that gives you some ideas what to try.
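All of the tools listed above work the same way at bottom: they parse the ASA syslog stream and aggregate it per host. The script below is an added example, not code from this thread or from any of the products named, showing that core step over constructed syslog lines that follow the `%ASA-5-415008` drop and `%ASA-6-302014` teardown formats shown in the first reply (the IP addresses, connection ids and byte counts are made up). It assumes the user-side interface is named `inside`, as in the reply's log. One caveat for the "track by network userid" requirement: these messages carry IP addresses only, so mapping an address to a user has to come from a separate source such as DHCP or domain logon logs, which this example does not attempt.

```python
import re
from collections import defaultdict

# Constructed ASA syslog sample (not taken from the thread); the message layouts
# follow the %ASA-5-415008 and %ASA-6-302014 lines shown in the first reply.
SAMPLE_LOG = """\
%ASA-5-415008: HTTP - matched request header host regex class cm-block-website in policy-map pm-block-website, header matched - Dropping connection from inside:10.0.0.5/1958 to outside:203.0.113.10/80
%ASA-6-302014: Teardown TCP connection 2036 for outside:203.0.113.10/80 to inside:10.0.0.5/1958 duration 0:00:00 bytes 0 Flow closed by inspection
%ASA-6-302014: Teardown TCP connection 2040 for outside:198.51.100.7/443 to inside:10.0.0.5/2001 duration 0:02:15 bytes 48213 TCP FINs
%ASA-6-302014: Teardown TCP connection 2041 for outside:198.51.100.9/80 to inside:10.0.0.8/2002 duration 0:00:41 bytes 10240 TCP FINs
%ASA-5-415008: HTTP - matched request header host regex class cm-block-website in policy-map pm-block-website, header matched - Dropping connection from inside:10.0.0.8/2003 to outside: 203.0.113.10/80
"""

# interface:ip/port, tolerating the stray space after the colon seen in the thread's log
ENDPOINT = r"(\S+?):\s*([\d.]+)/(\d+)"

DROP_RE = re.compile(
    r"%ASA-5-415008: HTTP - matched request header host regex class (?P<cls>\S+) "
    r"in policy-map (?P<pmap>\S+), header matched - Dropping connection from "
    rf"{ENDPOINT} to {ENDPOINT}"
)
TEARDOWN_RE = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    rf"{ENDPOINT} to {ENDPOINT} duration (?P<dur>\d+:\d+:\d+) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.*))?$"
)


def parse_line(line):
    """Return a dict for one ASA syslog line, or None if it is not a message we handle."""
    m = DROP_RE.search(line)
    if m:
        g = m.groups()
        return {"type": "drop", "regex_class": g[0], "policy_map": g[1],
                "src": (g[2], g[3], int(g[4])), "dst": (g[5], g[6], int(g[7]))}
    m = TEARDOWN_RE.search(line)
    if m:
        g = m.groups()
        return {"type": "teardown", "conn_id": int(g[0]),
                "a": (g[1], g[2], int(g[3])), "b": (g[4], g[5], int(g[6])),
                "duration": g[7], "bytes": int(g[8]), "reason": g[9] or ""}
    return None


def usage_report(log_text, inside_if="inside"):
    """Per inside-host totals: blocked HTTP requests, closed TCP connections and bytes."""
    report = defaultdict(lambda: {"blocked": 0, "connections": 0, "bytes": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["type"] == "drop":
            iface, ip, _ = rec["src"]
            if iface.lower() == inside_if:
                report[ip]["blocked"] += 1
        else:
            # the teardown lists both ends; attribute the flow to whichever sits on the inside interface
            for iface, ip, _ in (rec["a"], rec["b"]):
                if iface.lower() == inside_if:
                    report[ip]["connections"] += 1
                    report[ip]["bytes"] += rec["bytes"]
    return dict(report)


if __name__ == "__main__":
    print(f"{'host':16s} {'blocked':>7s} {'conns':>6s} {'bytes':>9s}")
    for ip, row in sorted(usage_report(SAMPLE_LOG).items()):
        print(f"{ip:16s} {row['blocked']:7d} {row['connections']:6d} {row['bytes']:9d}")
```

To use it on a real firewall, point `logging host` at a syslog collector, enable informational (level 6) logging so the 302014 teardown messages are kept, and feed the collected file to `usage_report` in place of `SAMPLE_LOG`; the teardown byte counts are what give you per-host volume, while the 415008 lines give you the blocked-request count per host and per regex class.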