Filter
Top Products
CHAPTER
26-1
Cisco ASDM User Guide
OL-16647-01
26
Configuring Filter Rules
This chapter includes the following sections:
• URL Filtering, page 26-1
• Filter Rules, page 26-5
URL Filtering
You can apply filtering to connection requests originating from a more secure network to a less secure
network. Although you can use ACLs to prevent outbound access to specific content servers, managing
usage this way is difficult because of the size and dynamic nature of the Internet. You can simplify
configuration and improve security appliance performance by using a separate server running one of the
following Internet filtering products:
• Websense Enterprise for filtering HTTP, HTTPS, and FTP.
• Secure Computing SmartFilter for filtering HTTP only. (Although some versions of Sentian support
HTTPS, the security appliance only supports filtering HTTP with Sentian.)
Although security appliance performance is less affected when using an external server, users may notice
longer access times to websites or FTP servers when the filtering server is remote from the security
appliance.
When filtering is enabled and a request for content is directed through the security appliance, the request
is sent to the content server and to the filtering server at the same time. If the filtering server allows the
connection, the security appliance forwards the response from the content server to the originating client.
If the filtering server denies the connection, the security appliance drops the response and sends a
message or return code indicating that the connection was not successful.
If user authentication is enabled on the security appliance, then the security appliance also sends the user
name to the filtering server. The filtering server can use user-specific filtering settings or provide
enhanced reporting regarding usage.
This section includes the following topics:
• Configuring URL Filtering, page 26-2
• URL Filtering Servers, page 26-2
• Advanced URL Filtering, page 26-4