Local Content filtering vs Subsciption Based
Configuration Tasks
- Parameter map configuration to define patterns.
- Class-map configuration to define URL filtering classes.
- Policy-map configuration to allow or reset the classes.
- Apply policy-map configuration as a child object Zone-Based firewall security policy.
parameter-map type urlf-glob FACEBOOK
pattern facebook.com
pattern *.facebook.com
parameter-map type urlf-glob YOUTUBE
pattern youtube.com
pattern *.youtube.com
2. Class map configuration to define URL filtering classes
class-map type urlfilter match-any BLOCKED_SITES
match server-domain urlf-glob FACEBOOK
match server-domain urlf-glob YOUTUBE
class-map type urlfilter match-any PERMITTED_SITES
match server-domain urlf-glob ANY_URL
3. Policy map configuration
policy-map type inspect urlfilter FILTER_URL_POLICY
class type urlfilter BLOCKEDSITES
log
reset
class type urlfilter PERMITTED_SITES
allow
4. Apply policy-map configuration in Zone-Based firewall security policy.
You have to apply the URL filtering policy as a child policy (with the service-policy urlfilter command) of a zone-based firewall class which matches http traffic.
policy-map type inspect IN-TO-OUT-POLICY
class type inspect HTTP-ACCESS
inspect
service-policy urlfilter CONTENT-FILTERING
No comments:
Post a Comment