Cisco Systems ASA 5525-X Network Router User Manual


  Open as PDF
of 2086
 
CHAPTER
42-1
Cisco ASA 5500 Series Configuration Guide using ASDM
42
Configuring Filtering Services
This chapter describes how to use filtering services to provide greater control over traffic passing
through the ASA and includes the following sections:
Information About Web Traffic Filtering, page 42-1
Configuring Filtering Rules, page 42-6
Filtering the Rule Table, page 42-11
Defining Queries, page 42-12
Filtering URLs and FTP Requests with an External Server, page 42-2
Information About Web Traffic Filtering
You can use web traffic filtering in two distinct ways:
Filtering ActiveX objects or Java applets
Filtering with an external filtering server
Instead of blocking access altogether, you can remove specific undesirable objects from web traffic, such
as ActiveX objects or Java applets, that may pose a security threat in certain situations.
You can use web traffic filtering to direct specific traffic to an external filtering server, such an Secure
Computing SmartFilter (formerly N2H2) or the Websense filtering server. You can enable long URL,
HTTPS, and FTP filtering using either Websense or Secure Computing SmartFilter for web traffic
filtering. Filtering servers can block traffic to specific sites or types of sites, as specified by the security
policy.
Note URL caching will only work if the version of the URL server software from the URL server vendor
supports it.
Because web traffic filtering is CPU-intensive, using an external filtering server ensures that the
throughput of other traffic is not affected. However, depending on the speed of your network and the
capacity of your web traffic filtering server, the time required for the initial connection may be
noticeably slower when filtering traffic with an external filtering server.
Model License Requirement
All models Base License.