Apply a content filter to a group of sender addresses

Similar Messages

• New content filter = no more ARD !?!?!?!

  I manage two sub-netoworks which use the same router and content filter but with a different IP addresses. I used to be able to connect to any machine on either network from the other one, but now I can't. I also have a new content filter, which I think is causing the problem. The machines are listed as sleeping when I know they are not.
  Any idea how I can get this to work?
  Thanks

  Make sure that the filter and router passes TCP/UDP ports 3283 and 5900. Most likely it's blocking at least 3283.
  Regards.

• App store icon gone missing/Web Content Filter - Apple Configurator

  I am using Apple Configurator to manage the iPads at my school. I changed the settings on my school's profile, within Apple Configurator, so that the App store was not available. The App store icon disappeared and all was good. I decided to change the settings back, to allow the App store, saved the settings and refreshed a group of iPads. The App store icon is still missing and it doesn't appear that my new settings have been applied. I quit Configurator and tried again, but no success. I am running Configurator 1.5 and the ipads are running iOS 7.1.
  Also, I have unchecked the "Allow use of You Tube" button because I want You Tube disabled, but Configurator still allows the use of You Tube through Safari. Is there any way to disable the use of You Tube without using the ridiculous "Web Content Filter", that when activated, limits adult content (good), which seems to include a lot of valuable educational sites (bad)? To me the only other option available seems to be to tick "Specific Websites Only" and spend the next year typing in all the possible sites that might have educational merit, ergo, my use of the word 'ridiculous'. Is there something I am missing?

  Locate it in the Apps folder and drag it to the dock.

• Can I set up a Content Filter that is Time/Date stamp dependent?

  My company would like to add an additional disclaimer text during Holidays where the company is closed.  It will say something like: "In observance of the 'XYZ' holiday, our offices will be closing at 3:00 PM on Friday, December........ and will reopen at 8:30 AM Monday.......".
  I was wondering if there is a way to set up conditions in an Outgoing content filter to only include that text if the email is sent between certain dates.
  This would allow me to set up the filters prior to the holidays and not have to manage them manually.
  I tried to do it via Exchange Transport rule, but I can't find a time/date dependent condition for the rules in Exchange.
  Thanks,
  Rachel    

  Hi Rachel,
  there is no way to archive this directly in content filters, an indirect way would be to use a message filter that adds an additional header (i.e. X-mas: true) during a specific period. For that, message filters provide the 'date' rule, i.e
  HolidayHeader:
  if ((date > '12/20/2012 13:00:00') and
       (date < '12/28/2012 12:00:00'))
  insert-header('X-mas', 'TRUE');
  You'd then create an outbound content filter matching on this header and inserting the specific footer if the header exists. Or, of course, you could have that action in the message filter already, however in that case you need additional conditions to make sure the rule applies on outbound messages only.
  Hope that helps,
  Andreas

• How do I apply the blur filter to all my layers at the same time?

  Hi I'm working on a background for a web page and I want to try how different filters are going to affect all the layers. Is it possible to apply a filter to all the layers without flattening the file first? Thanks very much,
  Cathy

  Thanks very much , that's really helpful,Cathy
  Date: Thu, 23 Dec 2010 11:18:21 -0700
  From: [email protected]
  To: [email protected]
  Subject: How do I apply the blur filter to all my layers at the same time?
  Hello!
  There is no need to flatten the file, but you can create a layer that merges all the content of the image, and apply the filter on that layer.
  Target the topmost layer, by holding the Option and . (period) keys, then create a merged copy by holding down Command Shift Option E.
  >

• Content filters based on Group Best Practice

  What is best practice for Content filters based on Group.
  What we wanna accomplish.
  We have few groups but i'll make an example on two.
  We have one group that have allowed "Media" and another group that have allowed "Exe".
  What is best practice if one user is in both group.
  How would you do Content filtering?
  I dont see in Content filtering condition
  if (Envelope Recipient does not mach group) then Block.
  Is the best way to create first?
  If (attachment.type="Media") then (insert header="sometext);
  and after in Content filter below
  if (Envelope Recipient) and (Header does not contain "sometext") then Block.

  Hi,
  I understand that I will have to use BPM. What is the best way?

• Could not apply background image to the panel group layout in spaces application

  I tried to apply background image to the panel group layout with css class and also with inline style such as below
  background-image:url('/content/conn/intra-dot-content/path/mywebcenter/lever/backgroundmain.jpg');background-position:center; background-repeat:repeat-y;
  The background image does not show up. but it work with panel border layout. Is there any work around for the issue

  You can try styleclass, which is always better choice than inlinestyle
  page:
  <af:panelGroupLayout id="pgl30"
                                     styleClass="testPGbackground">
                  <af:outputText value="outputText5" id="ot8"/>
                </af:panelGroupLayout>
  css:
  .testPGbackground {
      background-image:url('/images/unselectedTabStart.png');
  It works for me.
  I tried with inline style also and it worked.
  bac
  <af:panelGroupLayout id="pgl30"
                                     inlineStyle="background-image: url(/incview/images/unselectedTabStart.png);">
                  <af:outputText value="outputText5" id="ot8"/>
                </af:panelGroupLayout>
  NOTE: You need to mention image url with context-name here, which could be a way of hard coding context name and in future it could be very difficult to change contextname. As recommended styleclass is better solution.
  Thanks
  Sanjeev

• Outgoing mail Policy only able to use one of either Content Filter - Outbreak Filter - DLP

  No matter what config I use I am able to apply sender domains, anti spam and anti virus however I can only apply a single process of content filter which then will not move to the next process of DLP.  Can this be achieved so I can have within the same outgoing mail policy the process of content filter and dlp policies applied.

  Hello Bighead81,
  could you explain what you mean by "single process of content filter" please?  I'd suppose adding more than one content filter to a policy, which should be no problem. Also activation of Content Filter, Outbreak Filters and DLP (for outbound mailflow) for any policies.
  Regards,
  Andreas

• Pix 506e as Content Filter

  Is there any way to effectively use a Pix 506e as a content filter? I see some example configurations involving an ASA 5500, but I was wondering if the pix alone will allow content filtering. We are a small business that is looking to restrict just a few websites to our DHCP users. (i.e. eBay, yahoo mail, Amazon). We already have the pix. Thanks!

  Suppose if you want to filter streaming media content with PIX 506E, you have two options. The first one is to block ports on the PIX and the second is to use Proxy Server to filter URLs. Since our main concern is doing it on the PIX, You may enter these commands on the PIX for well-known ports that you could block on the firewall:
  access-list nostream deny udp any any eq 2979
  access-list nostream deny udp any any eq 1790
  access-list nostream deny udp any any eq 1755
  access-list nostream deny udp any any eq 1736
  access-list nostream deny udp any any eq 554
  access-list nostream deny udp any any eq 537
  access-list nostream deny tcp any any eq 2979
  access-list nostream deny tcp any any eq 1790
  access-list nostream deny tcp any any eq 1755
  access-list nostream deny tcp any any eq 1736
  access-list nostream deny tcp any any eq 554
  access-list nostream deny tcp any any eq 537
  access-list nostream permit tcp any any eq 80
  access-list nostream permit ip any any
  access-group nostream in interface inside
  However, some streaming applications use random ports using auto-configure options that are difficult to block with the PIX. To resolve this issue, you have the second option, using a proxy server to filter the URLs. You may use Websense and any other software to filter web traffic.

• Really Slow web surfing through ZBF with IOS Content filter

  Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"   
  Hey, all
  We have a 1921 router with IOS Content filter subscribsion and it is also configured as ZBF running latest IOS v15.1. End-user keep complaining about slow web surfing. I connected to network and tested myself and found intermittent surfing experience.
  For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonablly quick in 1-2 time of the 3. This also affects the speed of download from websites.
  I have the case openned with Cisco TAC and CCIE checked my configure but nothing caught his eyes...
  I decide to post the issue here in case we both missed something:
  Current configuration : 18977 bytes
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname abc_1921
  boot-start-marker
  boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
  boot-end-marker
  aaa new-model
  aaa authentication login default local
  aaa authentication login NONE_LOGIN none
  aaa authorization exec default local
  aaa session-id common
  clock timezone AST -4 0
  clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
  no ipv6 cef
  ip source-route
  ip auth-proxy max-login-attempts 5
  ip admission max-login-attempts 5
  ip cef
  ip dhcp excluded-address 192.168.1.1 192.168.1.9
  ip dhcp excluded-address 192.168.1.111 192.168.1.254
  ip dhcp pool DHCPPOOL
  import all
  network 192.168.1.0 255.255.255.0
  domain-name abc.local
  dns-server 192.168.10.200 192.168.10.202
  netbios-name-server 4.2.2.4
  default-router 192.168.1.150
  option 202 ip 192.168.1.218
  lease 8
  ip domain name abc.locol
  ip name-server 8.8.8.8
  ip name-server 4.2.2.2
  ip port-map user-port-1 port tcp 5080
  ip port-map user-port-2 port tcp 3389
  ip inspect log drop-pkt
  multilink bundle-name authenticated
  parameter-map type inspect global
  log dropped-packets enable
  parameter-map type urlfpolicy trend cprepdenyregex0
  allow-mode on
  block-page message "The website you have accessed is blocked as per corporate policy"
  parameter-map type urlf-glob cpaddbnwlocparapermit2
  pattern www.alc.ca
  pattern www.espn.com
  pattern www.bestcarriers.com
  pattern www.gulfpacificseafood.com
  pattern www.lafermeblackriver.ca
  pattern 69.156.240.29
  pattern www.tyson.com
  pattern www.citybrewery.com
  pattern www.canadianbusinessdirectory.ca
  pattern www.homedepot.ca
  pattern ai.fmcsa.dot.gov
  pattern www.mtq.gouv.qc.ca
  pattern licenseinfo.oregon.gov
  pattern www.summitfoods.com
  pattern www.marine-atlantic.ca
  pattern www.larway.com
  pattern www.rtlmotor.ca
  pattern *.abc.com
  pattern *.kijiji.ca
  pattern *.linkedin.com
  pattern *.skype.com
  pattern toronto.bluejays.mlb.com
  pattern *.gstatic.com
  parameter-map type urlf-glob cpaddbnwlocparadeny3
  pattern www.facebook.com
  pattern www.radiofreecolorado.net
  pattern facebook.com
  pattern worldofwarcraft.com
  pattern identityunknown.net
  pattern static.break.com
  pattern lyris01.media.com
  pattern www.saltofreight.com
  pattern reality-check.com
  pattern reality-check.ca
  parameter-map type ooo global
  tcp reassembly timeout 5
  tcp reassembly queue length 128
  tcp reassembly memory limit 8192
  parameter-map type trend-global global-param-map
  cache-size maximum-memory 5000
  crypto pki token default removal timeout 0
  crypto pki trustpoint Equifax_Secure_CA
  revocation-check none
  crypto pki trustpoint NetworkSolutions_CA
  revocation-check none
  crypto pki trustpoint trps1_server
  revocation-check none
  crypto pki trustpoint TP-self-signed-3538579429
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3538579429
  revocation-check none
  rsakeypair TP-self-signed-3538579429
  !! CERTIFICATE OMITED !!
  redundancy
  ip ssh version 2
  class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
  match access-group name REMOTE_SITE_SUBNET
  class-map type inspect match-all PPTP_GRE_INSPECT_MAP
  match access-group name ALLOW_GRE
  class-map type inspect match-all INSPECT_SKINNY_MAP
  match protocol skinny
  class-map type inspect match-all INVALID_SOURCE_MAP
  match access-group name INVALID_SOURCE
  class-map type inspect match-all ALLOW_PING_MAP
  match protocol icmp
  class-map type urlfilter match-any cpaddbnwlocclasspermit2
  match  server-domain urlf-glob cpaddbnwlocparapermit2
  class-map type urlfilter match-any cpaddbnwlocclassdeny3
  match  server-domain urlf-glob cpaddbnwlocparadeny3
  class-map type urlfilter trend match-any cpcatdenyclass2
  class-map type inspect match-all cpinspectclass1
  match protocol http
  class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
  match protocol citriximaclient
  match protocol ica
  match protocol http
  match protocol https
  class-map type inspect match-any INSPECT_SIP_MAP
  match protocol sip
  class-map type urlfilter trend match-any cptrendclasscatdeny1
  match  url category Abortion
  match  url category Activist-Groups
  match  url category Adult-Mature-Content
  match  url category Chat-Instant-Messaging
  match  url category Cult-Occult
  match  url category Cultural-Institutions
  match  url category Gambling
  match  url category Games
  match  url category Illegal-Drugs
  match  url category Illegal-Questionable
  match  url category Internet-Radio-and-TV
  match  url category Joke-Programs
  match  url category Military
  match  url category Nudity
  match  url category Pay-to-surf
  match  url category Peer-to-Peer
  match  url category Personals-Dating
  match  url category Pornography
  match  url category Proxy-Avoidance
  match  url category Sex-education
  match  url category Social-Networking
  match  url category Spam
  match  url category Tasteless
  match  url category Violence-hate-racism
  class-map type inspect match-any INSPECT_PROTOCOLS_MAP
  match protocol pptp
  match protocol dns
  match protocol ftp
  match protocol https
  match protocol imap
  match protocol pop3
  match protocol netshow
  match protocol shell
  match protocol realmedia
  match protocol rtsp
  match protocol smtp
  match protocol sql-net
  match protocol streamworks
  match protocol tftp
  match protocol vdolive
  match protocol tcp
  match protocol udp
  match protocol icmp
  class-map type urlfilter trend match-any cptrendclassrepdeny1
  match  url reputation ADWARE
  match  url reputation DIALER
  match  url reputation DISEASE-VECTOR
  match  url reputation HACKING
  match  url reputation PASSWORD-CRACKING-APPLICATIONS
  match  url reputation PHISHING
  match  url reputation POTENTIALLY-MALICIOUS-SOFTWARE
  match  url reputation SPYWARE
  match  url reputation VIRUS-ACCOMPLICE
  class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
  match access-group name CUSTOMIZED_NAT_1
  match protocol user-port-1
  class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
  match access-group name CUSTOMIZED_NAT_2
  match protocol user-port-2
  class-map type inspect match-any INSPECT_H323_MAP
  match protocol h323
  match protocol h323-nxg
  match protocol h323-annexe
  class-map type inspect match-all INSPECT_H225_MAP
  match protocol h225ras
  class-map type inspect match-all CUSTOMIZED_216_MAP
  match class-map CUSTOMIZED_PROTOCOL_216
  match access-group name CUSTOMIZED_NAT_216
  policy-map type inspect OUT-IN-INSPECT-POLICY
  class type inspect INCOMING_VPN_TRAFFIC_MAP
    inspect
  class type inspect PPTP_GRE_INSPECT_MAP
    pass
  class type inspect CUSTOMIZED_NAT_MAP_1
    inspect
  class type inspect CUSTOMIZED_NAT_MAP_2
    inspect
  class type inspect CUSTOMIZED_216_MAP
    inspect
  class class-default
    drop
  policy-map type inspect urlfilter cppolicymap-1
  description Default abc Policy Filter
  parameter type urlfpolicy trend cprepdenyregex0
  class type urlfilter cpaddbnwlocclasspermit2
    allow
  class type urlfilter cpaddbnwlocclassdeny3
    reset
    log
  class type urlfilter trend cptrendclasscatdeny1
    reset
    log
  class type urlfilter trend cptrendclassrepdeny1
    reset
    log
  policy-map type inspect IN-OUT-INSPECT-POLICY
  class type inspect cpinspectclass1
    inspect
    service-policy urlfilter cppolicymap-1
  class type inspect INSPECT_PROTOCOLS_MAP
    inspect
  class type inspect INVALID_SOURCE_MAP
    inspect
  class type inspect INSPECT_SIP_MAP
    inspect
  class type inspect ALLOW_PING_MAP
    inspect
  class type inspect INSPECT_SKINNY_MAP
    inspect
  class type inspect INSPECT_H225_MAP
    inspect
  class type inspect INSPECT_H323_MAP
    inspect
  class class-default
    drop
  zone security inside
  description INTERNAL_NETWORK
  zone security outside
  description PUBLIC_NETWORK
  zone-pair security INSIDE_2_OUTSIDE source inside destination outside
  service-policy type inspect IN-OUT-INSPECT-POLICY
  zone-pair security OUTSIDE_2_INSIDE source outside destination inside
  service-policy type inspect OUT-IN-INSPECT-POLICY
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key password address 11.22.3.1
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec transform-set TunnelToCold esp-3des
  crypto map TunnelsToRemoteSites 10 ipsec-isakmp
  set peer 11.22.3.1
  set transform-set TunnelToCold
  match address TUNNEL_TRAFFIC2Cold
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  description OUTSIDE_INTERFACE
  ip address 1.1.1.186 255.255.255.248
  ip nat outside
  ip virtual-reassembly in
  zone-member security outside
  duplex full
  speed 1000
  crypto map TunnelsToRemoteSites
  crypto ipsec df-bit clear
  interface GigabitEthernet0/1
  description INSIDE_INTERFACE
  ip address 192.168.1.150 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  zone-member security inside
  duplex full
  speed 1000
  ip forward-protocol nd
  ip http server
  ip http access-class 10
  ip http authentication local
  ip http secure-server
  ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
  ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
  ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
  ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
  ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
  ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
  ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
  ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
  ip route 0.0.0.0 0.0.0.0 1.1.1.185
  ip access-list standard LINE_ACCESS_CONTROL
  permit 192.168.1.0 0.0.0.255
  ip access-list extended ALLOW_ESP_AH
  permit esp any any
  permit ahp any any
  ip access-list extended ALLOW_GRE
  permit gre any any
  ip access-list extended CUSTOMIZED_NAT_1
  permit ip any host 192.168.1.217
  permit ip any host 192.168.1.216
  ip access-list extended CUSTOMIZED_NAT_2
  permit ip any host 192.168.1.216
  permit ip any host 192.168.1.212
  permit ip any host 192.168.1.213
  ip access-list extended CUSTOMIZED_NAT_216
  permit ip any host 192.168.1.216
  ip access-list extended INVALID_SOURCE
  permit ip host 255.255.255.255 any
  permit ip 127.0.0.0 0.255.255.255 any
  ip access-list extended NAT_RULES
  deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
  permit ip 192.168.1.0 0.0.0.255 any
  ip access-list extended REMOTE_SITE_SUBNET
  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ABM
  permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2Bridgewater
  permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
  permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
  permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2Moncton
  permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2MountPearl
  permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2Ontoria
  permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
  ip access-list extended WEB_TRAFFIC
  permit tcp 192.168.1.0 0.0.0.255 any eq www
  access-list 10 permit 192.168.1.0 0.0.0.255
  route-map NAT_MAP permit 10
  match ip address NAT_RULES
  snmp-server community 1publicl RO
  control-plane
  line con 0
  logging synchronous
  login authentication NONE_LOGIN
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
  stopbits 1
  line vty 0 4
  access-class LINE_ACCESS_CONTROL in
  exec-timeout 30 0
  logging synchronous
  transport input all
  scheduler allocate 20000 1000
  ntp server 0.ca.pool.ntp.org prefer
  ntp server 1.ca.pool.ntp.org
  end

  Hi,
  I know this is for a different platform but have a look at this link:
  https://supportforums.cisco.com/thread/2089462
  Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
  I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
  The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flixibility to do cool things like blocking websites, IM, regex expression matching etc...  but in my opinion I just don't think these routers can handle it.
  It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
  The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
  I would recommend you use the router as a frontline firewall with inbound/outbound acl's (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me )

• Restricting email recipient domain with content filter

  Gents,
  I am looking to restrict email receipient domain to two with the help of content filter instead of using RAT table.
  Please help me out.

  I understand that you want mail to be rejected for all but 2 Recipient users/domains.  You also want to declare the users/domains via a Filter instead of in the RAT.  This is not recommended, here is why:
  - If you set the RAT to  'All Other Recipients' to 'Accept', other hosts may believe the ESA is an 'Open Relay' and may refuse mail from its IP.
  - Bouncing mail after acceptance can cause 'backscatter' emails.  This is where a mail server redistributes spam via bounces and it will cause some hosts to reject your mail.
  - If done incorrectly, can cause valid mail to bounce.
  - If done incorrectly, can make your ESA an Open Relay that can be abused by others.
  If you still wish to proceed knowing that the above risks, here are the high-level steps:
  1) Set 'All Other Recipients' to 'Accept' in RAT
  2) Create a new Incoming Mail Policy
   - Add the valid users and/or domains to this new Policy
  3) Create new Incoming Content Filter:
   - Rule: leave empty
   - Action: Bounce
  4) Disable all scanning on Default Incoming Mail Policy
  5) Apply the new Filter to the Default Incoming Mail Policy
  6) Verify that the new Incoming Mail Policy has appropriate scanning enabled
  This method works by accepting all mail sent to the ESA, even if it is for a domain you do not control or for an invalid recipient for a domain you do control.  When the messages reach the Incoming Mail Policies, valid recipients will match on the new Policy while every other address matches the Default Incoming Mail Policy.  Using the Policies in this way is required so that the message is 'splintered' before processing through most scanning features.  Now only users/domain that do not match your new Policy will be Bounced by the Content Filter.
  Again, I wish to stress that I do _not_ recommend this approach: it is far safer to simply list the valid users or domains directly in the RAT.
  - Jackie

• 2821, IOS content filter-BUG? HTTP CORE process eating router alive

  HTTP CORE process in IOS router is causing network outage. Its 2821, zone based firewall with IOS content filter. IOS content filter was working fine for last month, all of the sudden today it is working faulty. Network is waving on and off with CPU being hogged. Tried reboot and problem returns. Any advice out there?
  IOS versions below
  CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 99%
  PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
  141 2228956 11329 196747 99.20% 99.29% 99.02% 0 HTTP CORE
  4 3428 294 11659 0.39% 0.09% 0.10% 0 Check heaps
  210 8 14040 0 0.07% 0.00% 0.00% 0 Atheros LED Ctro
  c2800nm-advsecurityk9-mz.124-22.T.bin
  #sh ip trm sub status
  Package Name: Security & Productivity
  Status: No subscription information available.
  Status Update Time: N/A
  Expiration-Date: N/A
  Last Req Status: Waiting for response
  Last Req Sent Time: 22:02:38 CST Sat Jan 24 2009
  sh ip trm ?
  config TRM config
  subscription Trend Subscription information
  #sh ip trm config
  Server: trps.trendmicro.com ( Default *)
  HTTPS Port: 443
  HTTP Port: 80
  Status: Active
  11111 11111 11111
  999999900000999999999999999999990000099999999990000099999999
  999999900000999999999999999999990000099999999990000099999999
  100 ************************************************************
  90 ************************************************************
  80 ************************************************************
  70 ************************************************************
  60 ************************************************************
  50 ************************************************************
  40 ************************************************************
  30 ************************************************************
  20 ************************************************************
  10 ************************************************************
  0....5....1....1....2....2....3....3....4....4....5....5....6
  0 5 0 5 0 5 0 5 0 5 0
  CPU% per second (last 60 seconds)
  11111111111 11 11111111111111 11 11
  0000000000090090000000000000099009900 5
  0000000000090090000000000000099009900355215223
  100 ####################################*
  90 #####################################
  80 #####################################
  70 #####################################
  60 #####################################
  50 ##################################### *
  40 ##################################### *
  30 ##################################### *
  20 ##################################### *
  10 ##################################### ** * #
  0....5....1....1....2....2....3....3....4....4....5....5....6
  0 5 0 5 0 5 0 5 0 5 0
  CPU% per minute (last 60 minutes)
  * = maximum CPU% # = average CPU%

  Try moving to 12.4(20)T2 like me
  Some issues have been corrected like object-groups for acls.
  I noticed all has not been solved, but it is quite better.
  On 12.4(22)T, I had memory fragmentation and overflow when I was issuing a lot of acl and object groups commands

• Content Filter - attachment stripping logic not working like I think it should

  Hello,
  I am working on a content filter for stripping file attachments - my logic is this:
  Condition: If File Type does NOT EQUAL file type Documents: attachment-filetype != "Document"
  Action: Strip File Attachment by File Info: drop-attachments-by-size(0 bytes) 
  My thought is that files that are not word docs, "test.ZIP" for example, would match the condition of not being a document. The match specifies that the action should then be performed on it - strip the attachment if it is over 0 bytes, which would be a match to any file. 
  Right now, it strip anythings, documents included...its like the condition does not exist. I considered using Message Filters at first, but I need to provide a replacement message with each attachment I strip. Thanks in advance for your help! 

  Hey Daniel
  Your understanding is correct to a point.
  The condition you set is correct, it will look for emails where attachments are NOT document files according to their mime structure.
  Once this condition is met (IE: test.zip)
  it will fall to the action
  Your action however is set to drop all attachments greater than 0 bytes.
  So for a setup like this I would suggest.
  First content filter:
  Attachment filetype is equal to "document"
  Action for this content filter :  skip remaining content filters
  Second content filter:
  (Either no condition or Attachment filetype is NOT "document")
  Action -> Strip if size greater than 0
  The reason why all attachment filetypes are being stripped and even document is the condition simply states what needs to be seen to trigger this action
  But this action is not set to exempt document files but to strip them all

• I am trying to apply a lens filter in CS6 to a mp4 movie from the phantom 2 . I do the normal steps of lens filter and choose dji, phantom2 , and I click ok and the picture improves and there is less curve etc. What I don't know is why it seems to revert

  I am trying to apply a lens filter in CS6 to a mp4 movie from the phantom 2+. I do the normal steps of lens filter and choose dji, phantom2+, and I click ok and the picture improves and there is less curve etc. What I don't know is why it seems to revert back to the old movie when I come back later on. I know I saved it but I must be doing something wrong. Here are my steps:
  Open an Mp4 movie
  Choose filter, lens correction
  Choose dii
  choose Phantom FC200
  click ok and the image improves.
  I then save as a name.psd and close the file.
  I reopen the file and it looks good. When I play the movie it just jumps back to the old curved horizon.
  What am I doing wrong? If you can help me I would be very grateful.
  Marc

  AND yea i afraid to sync my iphone and lose everything ;( i had everything perfect sync ing perfect ical,contacts,mail,apps and now sence new library I dont wana lose everything.....my hole life runs on my fone i need help bad

• "Apply Active Content Update" message ONLY in Firefox

  Here's my new website:
  www.ClampTools.com
  When I view it in IE it looks great. When I view it in
  Firefox (like for the Press link) I get this error:
  This page requires AC_RunActiveContent.js. In Flash run
  "Apply Active Content Update" in the Commands menu to copy
  AC_RunActiveContent.js to the HTML output folder.
  I already did all of this and yes the js file is there, in
  the same directory. Any ideas why this isn't working?
  Thanks!

  FIREFOX FIX FOR VS.NET 2005 USERS:
  This issue happens when using Visual Studio 2005 as the
  editor.
  I copied the <HEAD> portion of a page that worked and
  pasted it in the bad page. When saving the file in the VS editor it
  gives me this message:
  Some Unicode characters in this file could not be saved in
  the current
  codepage. Do you want to resave this file as Unicode in order
  to maintain
  your data? Yes, No, Save With Other Encoding or Cancel
  I selected NO and everything is fine.