Cisco Systems and the ASA Services Module Network Router User Manual


 
29-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 29 Configuring Filtering Services
Filtering URLs and FTP Requests with an External Server
For Websense:
hostname(config)# url-server (if_name) host local_ip
[timeout seconds] [protocol TCP | UDP
version [1|4] [connections num_conns]]
Example:
ciscoasa(config)# url-server (perimeter) host
10.0.1.1 protocol TCP version 4
Identifies the address of the filtering server. if_name
is the name of the ASA interface connected to the
filtering server (the default is inside). For the vendor
{secure-computing | n2h2} option, use
secure-computing as the vendor string; however,
n2h2 is acceptable for backward compatibility. When
the configuration entries are generated,
secure-computing is saved as the vendor string. The
host local_ip option is the IP address of the URL
filtering server. The port number option is the Secure
Computing SmartFilter server port number of the
filtering server; the ASA also listens for UDP replies
on this port.
Note The default port is 4005, which is used by the
Secure Computing SmartFilter server to
communicate to the ASA via TCP or UDP.
For information about changing the default
port, see the Filtering by N2H2
Administrator's Guide.
The timeout seconds option is the number of seconds
that the ASA should keep trying to connect to the
filtering server. The connections number option is
the number of tries to make a connection between the
host and server.
The example identifies a Websense filtering server
with the IP address 10.0.1.1 on a perimeter interface
of the ASA.Version 4, which is enabled in this
example, is recommended by Websense because it
supports caching.
For Secure Computing SmartFilter (formerly N2H2):
hostname(config)# url-server (if_name) vendor
{secure-computing | n2h2} host
local_ip [port number] [timeout seconds] [protocol
{TCP [connections number]} | UDP]
Example:
ciscoasa(config)# url-server (perimeter) vendor n2h2
host 10.0.1.1
ciscoasa(config)# url-server (perimeter) vendor n2h2
host 10.0.1.2
The example identifies redundant Secure Computing
SmartFilter servers that are both on a perimeter
interface of the ASA.
Command Purpose