URL Filtering WITHOUT Websense??

Hi folks. I am new to Cisco products and there are a few things I am trying ot configure. I am running a 2821 Router with IOS v 12.4(10a). I am trying to configure the URL filtering portion of the firewall ACL. I have configured to deny one site, then I enable the filter and it shuts down all internet sites. When I disable the URL filtering, everything works fine again. This looks pretty cut and dry but apparently it is not. I was also reading that I needed a websense server to use this feature? Is that correct? Thanks.

Reply to
ridergroov
Loading thread data ...

post what you have done. AFAIK the built-in filter is useful if you want to manage short lists of what to allow or deny. For more accurate management you need an external server.

HTH Alex

Reply to
AM

Hi Alex,

Yes I am only interested in blocking short lists. I am using the GUI interface to configure since I do not know the commands or how to use them yet. I have a training next week which will hopefully help out with that. Anyway, this is what I did:

  1. Logged into the router via web browser
  2. Clicked COnfigure at the top of the window
  3. Went to Firewall and ACL.
  4. Clicked on Application Security Tab
  5. Clicked on URL Filtering
  6. Checked Enable URL Filtering box.
  7. Clicked Add URL
  8. Entered
    formatting link
    (for testing).
  9. Clicked Deny radio button.
  10. Clicked Okay -
    formatting link
    shows up in list
  11. Clicked Apply Changes.

After I do that I get the message "To enable URL Filtering, configure "any any" ACL for the Java Applet scanner to avoid performance issue." which I ignored and clicked OK. The commands are successfully delivered to router. After I do that, ALL websites give me the forbidden message. Any help would be appreciated. Thanks!

AM wrote:

to allow or deny. For more accurate

Reply to
ridergroov

Hi Alex,

Yes I am only interested in blocking short lists. I am using the GUI interface to configure since I do not know the commands or how to use them yet. I have a training next week which will hopefully help out with that. Anyway, this is what I did:

  1. Logged into the router via web browser
  2. Clicked COnfigure at the top of the window
  3. Went to Firewall and ACL.
  4. Clicked on Application Security Tab
  5. Clicked on URL Filtering
  6. Checked Enable URL Filtering box.
  7. Clicked Add URL
  8. Entered
    formatting link
    (for testing).
  9. Clicked Deny radio button.
  10. Clicked Okay -
    formatting link
    shows up in list
  11. Clicked Apply Changes.

After I do that I get the message "To enable URL Filtering, configure "any any" ACL for the Java Applet scanner to avoid performance issue." which I ignored and clicked OK. The commands are successfully delivered to router. After I do that, ALL websites give me the forbidden message. Any help would be appreciated. Thanks!

AM wrote:

to allow or deny. For more accurate

Reply to
ridergroov

I guees that like the ACL config guidelines, you have to permit SOMETHING in a filter, as there are a implict deny any at the end of any filter.

So try to deny google, and then permit any.

HTH Martin

Reply to
Martin Bilgrav

It's rule for ALL Access-Lists - there is implicit "deny all" at the end of EVERY access-list (even though it's not shown in the config). It means that everything "not permitted" by an access-list will be dropped by default. So, you have to enable "everything else" at the end of access-list.

Good luck,

Mike

Reply to
headsetadapter.com

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.