Configuring filtering services, Information about web traffic filtering, C h a p t e r – Cisco ASA 5505 User Manual
Page 797
C H A P T E R
39-1
Cisco ASA 5500 Series Configuration Guide using the CLI
39
Configuring Filtering Services
This chapter describes how to use filtering services to provide greater control over traffic passing
through the ASA and includes the following sections:
•
Information About Web Traffic Filtering, page 39-1
•
Configuring ActiveX Filtering, page 39-2
•
Configuring Java Applet Filtering, page 39-4
•
Filtering URLs and FTP Requests with an External Server, page 39-6
•
Monitoring Filtering Statistics, page 39-15
Information About Web Traffic Filtering
You can use web traffic filtering in two distinct ways:
•
Filtering ActiveX objects or Java applets
•
Filtering with an external filtering server
Instead of blocking access altogether, you can remove specific undesirable objects from web traffic, such
as ActiveX objects or Java applets, that may pose a security threat in certain situations.
You can use web traffic filtering to direct specific traffic to an external filtering server, such an Secure
Computing SmartFilter (formerly N2H2) or the Websense filtering server. You can enable long URL,
HTTPS, and FTP filtering using either Websense or Secure Computing SmartFilter for web traffic
filtering. Filtering servers can block traffic to specific sites or types of sites, as specified by the security
policy.
Note
URL caching will only work if the version of the URL server software from the URL server vendor
supports it.
Because web traffic filtering is CPU-intensive, using an external filtering server ensures that the
throughput of other traffic is not affected. However, depending on the speed of your network and the
capacity of your web traffic filtering server, the time required for the initial connection may be
noticeably slower when filtering traffic with an external filtering server.