Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 26 Configuring Filter Rules
Filter Rules
Benefits
The Filter Rules pane provides information about the filter rules that are currently configured on the
security appliance. It also provides buttons that you can use to add or modify the filter rules and to
increase or decrease the amount of detail shown in the pane.
Filtering allows greater control over any traffic that your security policy allows to pass through the
security appliance. Instead of blocking access altogether, you can remove specific undesirable objects
from HTTP traffic, such as ActiveX objects or Java applets, that may pose a security threat in certain
situations. You can also use URL filtering to direct specific traffic to an external filtering server, such as
Secure Computing SmartFilter or Websense. These servers can block traffic to specific sites or types of
sites, as specified by your security policy.
Because URL filtering is CPU-intensive, using an external filtering server ensures that the throughput of
other traffic is not affected. However, depending on the speed of your network and the capacity of your
URL filtering server, the time required for the initial connection may be noticeably slower for filtered
traffic.
Fields
No—Numeric identifier of the rule. Rules are applied in numeric order.
Source—Source host or network to which the filtering action applies.
Destination—Destination host or network to which the filtering action applies.
Service—Identifies the protocol or service to which the filtering action applies.
Action—Type of filtering action to apply.
Options—Indicates the options that have been enabled for the specific action.
Add—Displays the types of filter rules you can add. Clicking the rule type opens the Add Filter Rule
dialog box for the specified filter rule type.
Add Filter ActiveX Rule
Add Filter Java Rule
Add Filter HTTP Rule
Add Filter HTTPS Rule
Add Filter FTP Rule
Edit—Displays the Edit Filter Rule dialog box for editing the selected filtering rule.
Delete—Deletes the selected filtering rule.
Cut—Lets you cut a filter rule and place it elsewhere.
Copy—Lets you copy a filter rule.
Paste—Lets you paste a filter rule elsewhere.
Find—Lets you search for a filter rule. Clicking this button brings up an extended toolbar. See
Filtering the Rule Table, page 26-9, for more information.
Rule Diagram—Toggles the display of the Rule Diagram.
Packet Trace—Launches the Packet Tracer utility.
Use the Addresses tab to choose the source of the filter rule.
Type—Lets you choose a source from the drop-down list, selecting from All, IP Address
Objects, IP Names, or Network Object groups.
Name—Lists the name(s) of the filter rule.