Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Web Filtering

Hi,

I am using Cisco ISA570 and SG300 switch.

i configured vlans on my switch and enable ip routing for vlan communication.

Now i want assign different web filtering polocies to my vlans.

Rupesh

9 REPLIES

Web Filtering

You can apply profiles to IP networks, should also be ok?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

Web Filtering

Hi Michale,

Thanks for you reply,

But how can we apply profiles to ip networks.

My only concern is we need to do vlan routing on switch and assign web filtering to the vlans on firewall

because if firewall goes down also my internal network will work on the switch.

Web Filtering

Intra-VLAN traffic doesn't pass the ISA since the switch routes the traffic. Only traffic going to the internet will be filtered.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

Web Filtering

how can we assign profiles to ip networks when ip routing is on switch

Web Filtering

Ok, sorry, I confounded Web Filtering with Application Control, in AC you can filter by networks, in Webfiltering only via zones.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

Web Filtering

is there any chance to config like below

Vlans and Vlan routing on switch

adding vlans on firewall and assign to zones and applying web filtering to the zones

Web Filtering

The problem is, that you want to use the routing power from the switch for internal, but have the same vlans on ISA. The only solution the I think is trunking all together and give the switch and ISA IP addresses in the client networks. Then set on every client a network route to the other vlan through switch IP and default gateway the ISA. Same on the other side.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

Web Filtering

i have not understood this

Re: Web Filtering

Rupesh,
Couldn't this all be simplified by not doing inter-VLAN routing on the switch and let the ISA handle everything? I can understand how the ISA failing would have a larger impact on the network that way, but I don't see how you're going to have different Web Filtering policies for the different VLANs any other way. That is, except for the manual workaround CiscoMax is talking about, but I would think it would have a higher potential for ongoing issues than the likelihood of the ISA failing. I think you might be over complicating this.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
1023
Views
0
Helpful
9
Replies
CreatePlease login to create content