Ironport S160 Access Policy URL Category not working
I have created a custom URL category "Allowed Sites" and put some sites in there that I want the proxy not to block and ticked the "Allow" field in my Access Policy.
Those sites also match the predefined URL category "Online Storage and Backup" which is blocked.
When I try to access those websites, the proxy blocks them saying they belong to the above predefined category.
Now, how can I allow those few sites, but not the whole predefined category??? Why is my custom category not being considered? URLs in there look like .example.com, .example2.com
Any help appreciated,
Kat
Hi Kush,
find attached the screenshot of the Access Policy with only the first few lines of the Predefined URL Categories. Also the category I created with "mozy.com" and others in it.
This is the output of a policy trace for a user that is assigned to this Access Policy when testing the URL in question "mozy.com"
URL Check
WBRS Score: 6.5
URL Category: Online Storage and Backup
Policy Match
IronPort Data Security policy: None
Decryption policy: None
Routing policy: None
Identity policy: NTLM_Identity
Access policy: exHSP
Final Result
Request blocked
Details: Request blocked based on URL category
Trace session complete
I'll do the tail and later today.
Kat
Similar Messages
-
Multilingual URL is not working in IE11
Multilingual URL is not working in IE11 same URL is working with other browser. Would like to know whether Arabic URL is supported in IE11?
Hello,
See this http://windows.microsoft.com/en-gb/windows-vista/change-your-internet-explorer-language-settings and follow the steps given
there. After that let us know whether it is working now or still not.
"Solution is to enable Send
IDN server names for non-Intranet URLs under
advanced settings. " This is also a solution.
Thanks Prakash
Varghese!
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
URL Does Not Work in Firefox, but DOES Work in Other Browsers
The following URL does NOT work in Firefox. However, it DOES work in Internet Explorer and Google Chrome:
https://www.ascap.com/ace/
The main ASCAP URL works just fine. The problem seems to be confined to this link alone. Please fix; thank you!There is a server redirect on this URL.
<pre><nowiki>
https://www.ascap.com/ace/
GET /ace/ HTTP/1.1
Host: www.ascap.com
HTTP/1.1 302 Found
Location: https://www.ascap.com/Home/ace-title-search/index.aspx</nowiki></pre>
If you use a bookmark then try to navigate to the want page starting with the main (home) page.
You can reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
*Hold down the Shift key and left-click the Reload button
*Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
*Press "Command + Shift + R" (Mac)
Clear the cache and remove cookies only from websites that cause problems.
"Clear the Cache":
*Firefox/Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
"Remove Cookies" from sites causing problems:
*Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: "Show Cookies" -
Verizon Access Manager Download link not working
Hi,
Verizon Access Manager Download link not working, Following Links
http://www.vzam.net/download/download.aspx?productid=872
http://pcdn2-download.vzw.com/win/7.7/VZAM_7.7.1_2727b-AC30-Web.exe
plz help to download verizon five spot access manager.
thanks
karthirocksHi karthirocks! I'm sorry to see you're having any difficulties using these links. I've clicked on both, but had no problems getting pages to launch or in getting the application to download. If this is still a problem for you, please describe the issue you're experiencing. Also, please share the browser version you're using, and if you've enabled any security feature that prevents access to certain secure sites or services. Thanks!
DionM_VZW
Follow us on Twitter www.twitter.com/vzwsupport -
ProtectLink Web Protect URL Filtering not working
Good day!
Please help.
We have a problem on our RV042 router.
The Protectlink WebProtect URL filtering is not working.
When we first activate the service (Nov. 12), it worked for a few days, then 2 days ago, our internet connection got problems. But yesterday, our ISP fix the problems on our internet connection, but the URL filtering of WebProtect is not working anymore even if it is enable, up to this time.
What should we do about this problem?
Thanks in advance for your kind replies!i have installed TMG 2010 and created url filtering rule for facebook.com but that problem
is ever after five minutes i can see that the users can access facebook. and then i check in TMG MMC so i can see that the Category Query says me that facebook.com is unknown....but just after five minutes i can see facebook has been automatically blocked
and i can also see in Category Query it says me facebook is in blog/wiki category...
so why it is changing automatically every after 5 or 10 minutes :( ?
where is the problem ???
i need your help please !! -
One other thing - I had a problem with the key pairing so I rebuilt the rsa 1024 and the unit started working. Unfortunately I reloaded without the config in place and now I cannot get it to work again. Any help will be greatly apprecaited although I did review a dozen other posts of people having similar problems and for some reason there is never any conclusion as to the solution and I am not sure why.
Some other info from the client end:
I just ran the stats on the client and packets are being encrypted BUT none are decrypted.
Also Tunnel received 0 and sent 115119
Encryption is 168-bit 3-DES
Authentication is HMAC-SHA1
also even though the allow LAN is selected in the Cisco VPN client it states the local LAN is disabled in the client stats
also Transparent tunneling is selcted but in the stats it states it is inactive
I am connecting with the Cisco VPN Client Ver 5.0.07.0440
This config works. It is on the internal net 192.168..40.x and all users obtain dhcp and surf the web. It has required ports opened.The problem is that you can connect remotely via the VPN and you receive an IP address from the remote-vpn pool but you cannot see any machines on the internal network. The pix is at 40.2 and you cannot ping the pix and the pix from the remote PC connecting via the VPN and youcannot ping the remote PC from the PIX console when the remote is connected and receives the first IP address in the VPN pool of 192.168.40.25
I need to see the internal network and map network drives. I have another friend that is running the same config and it works but his computer is on a linksys wireless and has an IP of 192.168.1.x and the IP he receives from the VPN pool is 192.168.1.25 so I do not know if the same network is allowing this config to work even if there is an error in the config. In my present case I obtain the ip of 192.168.40.25 from the VPN pool and my connecting pc on 192.168.1.x I really am not sure how the VPN virtual adapter works. I am assuming it routes all traffic from your connecting PC to and from the virtual adapater but I really do not know for sure.
Other people have had similar issues with accessing the internal network from the VPN. One solution was the split-tunnel, another was the natting and another had to do with the encrption where there and an issue with the encrypt and ecrypt which was stopping the communicaton via the VPN.
I still cannot seem to find the issue with this config and any help will be greatly appreciated.
This is the config
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password somepassword
hostname hostname
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group network internal_trusted_net
network-object 192.168.40.0 255.255.255.0
object-group icmp-type icmp_outside
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
icmp-object source-quench
access-list OutToIn permit icmp any xxx.xxx.xxx.0 255.255.255.248 object-group icmp_outside
access-list no_nat_inside permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list split_tunnel permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list OutToIn permit ip any any
access-list outbound permit ip any any
(NOTE: I had many more entries in the access list but removed them. Even with the above two allowing everything it does not work)
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address inside 192.168.40.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_client_pool 192.168.40.25-192.168.40.30
pdm history enable
arp timeout 14400
global (outside) 1 interface
I had this statement missing from the previous posted config but even with the nat (inside) 0 access-list no_nat_inside it still does not work.
nat (inside) 0 access-list no_nat_inside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_outside_in in interface outside
access-group outbound in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.40.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community $XXXXXX$
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set 3des_strong esp-3des esp-sha-hmac
crypto dynamic-map clientmap 50 set transform-set 3des_strong
crypto map vpn 50 ipsec-isakmp dynamic clientmap
crypto map vpn client configuration address initiate
crypto map vpn client configuration address respond
crypto map vpn client authentication LOCAL
crypto map vpn interface outside
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local vpn_client_pool outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup remote-vpn split-tunnel split_tunnel
vpngroup remote-vpn idle-time 10800
vpngroup remote-vpn password ANOTHER PASSWORD
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.40.0 255.255.255.0 inside
ssh timeout 30
console timeout 60
dhcpd address 192.168.40.100-192.168.40.131 inside
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username AUSER password PASSWORD privilege 15
terminal width 80
****************** End of config
I have been searching docs and other people's postings trying to obtain the info to make this work. It appears pretty much boiler plate but I believe my problem is in the natting. I am using a range in the internal network for the VPN pool and I have tried switching this to other networks but this has not helped. Unfortunately I have been unable to get the PDM to work and I believe this is a PC config thing and I did not want to waste the time on it. I read a post where a person using the PDM interface with the same problem (not being able to access the internal network) was able to go to a section in the VPN wizard and set the Address Exeption Translation. They said they originally set the VPN subnet when they did not have to. Many of the other blogs I read also stated that if the natting is not proper for the VPN pool- that it will not work but I am confused by the examples. They show as I do the complete range for an access-list called no_nat_inside but I believe it should only have the VPN pool IP range and not the entire network since the others do require natting - not sure if my thought process is correct here. Any help will be greatly apprecaited. Also this morning I just tried a boiler plate example from CISCO and it also did not do what I need for it to do. And I also connect a PC to obtain an IP to see if I can see it - no good. The PC can ping the PIX and viceversa but no one can ping the remote PC that connects via the CISCO Remote VPN client even though it receive an address from the vpnpool. Also include LAN is checked off on the client. This was mentioned in anther post.
Thank you once again.Hi,
PIX501 is a very very old Cisco firewall that has not been sold for a long time to my understanding. It also doesnt support even close to new software levels.
If you wanted to replace the PIX501 the corresponding model nowadays would be ASA5505 which is the smallest Cisco ASA firewall with 8 switch port module. There is already a new ASA5500-X Series (while ASA5505 is of the original ASA 5500 Series) but they have not yet introduced a replacing model for this model nor have they stopped selling this unit. I have a couple of them at home. Though naturally they are more expensive than your usual consumer firewalls.
But if you wanted to replace your PIX firewall then I would probably suggest ASA5505. Naturally you could get some other models too but the cost naturally rises even more. I am not sure at what price these are sold as used.
I used some PIX501 firewalls at the start of my career but have not used them in ages since ASA5505 is pretty much the firewall model we use when we need a firewall/vpn device for a smaller network/branch site.
Here is a PDF of the original ASA5500 Series.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
Here is a PDF of the new ASA5500-X Series
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf
I am afraid that its very hard for me atleast to troubleshoot this especially since I have not seen any outputs yet. Also the very old CLI and lack of GUI (?) make it harder to see what the problem is.
Could you provide the requested outputs?
From the PIX after connection test
show crypto ipsec sa
Screen captures of the VPN Client routing and statistics sections.
- Jouni -
URL buttons not working in Powerpoint
Hi
I have just created an Xcelsuis report and exported this to Powerpoint.
Now it opens up fine in Powerpoint, but my URL buttons do not work (they do not open the excel files i want, i.e. My button is URL: C:\Test\Test.xls)
When exporting to a pdf format this URL button works fine.
Please can you advise how I can get this working for my Powerpoint.
Thanks!When you export the SWF to your desktop or into a PPT it will not have permission to access external data by default (or call a URL).
You need to add C:\Program Files\...\PowerPoint.exe as to the list of trusted items using the Adobe Global Security Settings Manager, see the Xcelsius Release notes for more information about the Flash Player Security...
Regards
Matt -
NAC L2-IP on 6500 . URL Redirection Not working
Hi,
We are testing NAC L2-IP on a Cat 6506 running 12.2(18)SXF9.
When configuring for NAC L2-IP, the switch is able to download the required ACL
entries. The HTTP Server is enabled in the Switch, however still the HTTP
redirection is Not working.
From the Client side, I can see the SYN packets going to port 80 but no
response (Redirect etc) comes back from the switch.
This is the Port-ACL
10 permit udp any eq 21862 any
11 permit icmp any any echo-reply
20 permit udp any any eq bootps
30 permit udp any any eq domain
40 permit tcp any eq 3389 any
50 deny ip any any
This is the ACL as specified in the "url-redirect-acl" attribute
70 deny tcp any host 10.140.4.116 eq www
80 deny tcp any host 10.140.4.202 eq www
90 deny tcp any host 10.1.194.15 eq www
100 deny tcp any host 172.25.1.15 eq www
110 permit tcp any any eq www
Any ideas ?
+++++++++++++++++
show eou ip 10.192.99.27
Address : 10.192.99.27
MAC Address : 0006.5ba0.5705
Interface : FastEthernet2/47
AuthType : CLIENTLESS
Audit Session ID : 0000002C1387D1FB0000000D0AC0631B
PostureToken : -------
Age(min) : 15
URL Redirect : http://x.x.x/y
URL Redirect ACL : redirect-policy
ACL Name : #ACSACL#-IP-NAC_NoCTA_ACL-464b3186
User Name : UNKNOWN USER
Revalidation Period : 36000 Seconds
Status Query Period : 300 Seconds
Current State : CLIENTLESS
++++++++++++++++++++++++++++++++
Exactly the Same configuration and Secure ACS configuration works for a 3560 Switch.
Thanks,
NamanCheck this bug-id: CSCse02269.
-
Account access to specific websites not working
On my daughter's computer (iBook, limited rights account) she can no longer access Facebook and a few others. (these sites work fine with admin account on this machine) Heard that fixing permissions and/or repairing the Keychain would work... Nothing working so far. Though Safari was the culprit, but behavior same in: Firefox, Camino, iCab, Chrome. (uninstalled addn'l browsers after testing)
What I've done to date:
Reset Safari and empty cache
http://forums.macrumors.com/showthread.php?t=280529
no change
Ran Keychain First Aid and verified date and time from Apple's server
http://support.apple.com/kb/TA20405
no change
matched proxy information
http://superuser.com/questions/67472/safari-cant-establish-a-secure-connection-t o-the-server
no change
repair permissions as admin, then DVD, then root
ACL found but not expected on 'private/var/root/Library/Preferences'
ACL found but not expected on 'private/var/root/Library'
ACL found but not expected on 'private/var/root'
several issues with 'permissions differ but will not be changed'
no change so far, but repair permissions from restricted account (with authorization) looks promising though I've been fooled before.
Don't want to have to nuke/rebuild the profile. I had a similar problem on my PowerBook several years ago, and APPLCARE walked me through a Terminal fix. (All my machines are out of warranty now)
Anyone else have ideas?Fix permissions did NOT work, neither did booting as Single User with /sbin/fsck... Disk Utility with iBook in Target Mode reports "The volume iBook appears to be OK."
-
I've tried over 4 tutorials to make my movieclip link to a URL. It's just not working for some reason...
Here is my code.
ondemand.addEventListener(MouseEvent.CLICK,goThere);
function goThere(e:MouseEvent){
var request:URLRequest = new URLRequest("www.money.net");
navigateToURL(request);
ondemand.buttonMode = true;
ondemand.useHandCursor = true;
stop();
ondemand is a movieclip instance with a PNG image of text.
This should work!! There are no compilation errors...
No mouse cursor change on hover... just like nothing is there.
Please help...I am overall confused by your description of what you have, especially when you get to doubleclicking the movie and assigning code in it.
In any case, you need to assign the name (the same name) to every instance of a tweened object. The lack of a name in earlier frames will be inherited by instances in subsequent frames
I'm confused about your mention of 3 instances being in the library. Just for clarity, an instance is a library symbol (or an object) that you place on the stage. If you place two of the same objects on the stage, then you have 2 instances. Items in the library are instance-wanna-bes. If you have three different symbols in the library, and you are tweening them as if they were the same, your tween can't possibly work. -
URL Mapping not working inside MOSS
hi,
I want to achieve broken URL redirection in old web application developed in MOSS.
For this purpose, i have to use URL mapping inside web.config -
For Example -
<urlMappings enabled="true" >
<add url="~/brokenpath" mappedUrl="/subsite/Pages/Home.aspx" />
</urlMappings>
I have checked that '/subsite/Pages/Home.aspx' url is not broken but still getting 404 exception.
Similar tag is working under dev/local environment but not working in the production,
Can anybody please let me know the problem or any configuration missing.
Thanks in advance.Hi Saurabh, can you provide the actual broken path, both in your web.config as well as the absolute URL?
Dimitri Ayrapetov (MCSE: SharePoint) -
URL Encoder not working in Netscape
Hi All,
I am using url encoding in my servlet for redirecting a request. The query string values has some spaces in them. The code I have used is shown below
String mname = "Jason Perry"
response.sendRedirect
("http://194.216.8.238:8081/merchant/merch.merchant?msgid=RP&mctid=1111242&totcp="+price.toString()+"&mname="+URLEncoder.encode(mname)+"&mtxnid=UY675432");
Please note that 194.216.8.238:8081 is an IP of another server located outside our network.
In Netscape the url is shown as http://194.216.8.238:8081/merchant/merch.merchant?msgid=RP&mctid=1111242&totcp=15
&mname=Jason Perry&mtxnid=UY675432
The space is not getting replaced with the plus.
But I have observed that if the redirection is to the same server on which the servlet is running, it works fine.
I am at loss as to why url encode is not working when routing the request to another server. I am using Netscape 4.77 .
This is works in IE fine.
Your inputs are appreciated.
Thanks
MaliniYeah had this problem before, use the java.net.URLEncoder class:
<%@ page language="java" import="java.net.URLEncoder"%>
<%
String url = "http://194.216.8.238:8081/merchant/merch.merchant?msgid=RP&mctid=1111242&totcp=15
&mname=Jason Perry&mtxnid=UY675432"
String encodedUrl = URLEncoder.encode(url);
response.sendRedirect(encodedUrl);
%> -
HR report category not working
Hi,
I have created a report with PNPCE and when I run the program through se38 it works fine.
However, when I use the transaction that I have created for the program, the HR report category does not work and I get all the parameters instead of the ones that I have selected in the report category.
Could anyone please let me know what could be the reason?
Thanks,
~Mark..
-
Why the document.execCommand('InsertImage', false, URL) is not working
Hi I am using this code to upload the images in the Mac Safari browser. Its not working in Mac safari(loading the image. Just return the blank or empty). But its working the all other remain browser(ie, mozila, opera, safari). Using Code :
frames[0].focus();
frames[0].document.execCommand('InsertImage', false, URL);
alert(frames[0].document.execCommand('InsertImage', false, URL); � return false. But the other browser return true.
frames[0].focus();
URL Like = http://palani/graphics/IMAGE_GALARY/rose5.jpg].
This image is not loading the Mac safari HTML richText Editor.
Pls anybody give a correct solution to me.
PalaniHi Stevejluke . I am trying to load the images in javaScript.
This is js file contains the code. The values is passing correctly.
code is :
function imageLoadingToRichText(imageName, rte) // palani
LoadsImage(imageName.name, rte); // (or)document.getElementById('introductionText'));
// rte is richText in Jsp page like --->>> writeRichText('introductionText', document.getElementById('hiddenIntroductionText').innerHTML, null, null, null, null);
Another the richText.js file contains the below part.
function LoadsImage(ctl, rte ){
frames[0].focus();
frames[0].document.execCommand('InsertImage',false, ctl);
frames[0].focus();
} -
Network access when sleeping does not work.
My "Wake for network access" is not working.
I need to upload large files to clients.
I have my MBP plugged in and the screen is flip up not down. However when it goes to sleep when unattended, it loses network access.My settings:
Maybe you are looking for
-
My son was the first to get an iPod Touch and he set up his iMessage. Now my daugther has an iPod Touch, but we aren't sure how to set up iMessage so she doesn't get her brother's messages/chat... and can set up her own. Does she require a new Apple
-
Hi, I have a detail view(webdynpro) which I can open through a list report(webdynpro) or a link. The detail view opens successfully with data when I navigate from the list view. But when I pass the parameters through a link: I pass the parameter
-
Quicktime not playing the the complete mpeg2 file
I have QT pro with the mpeg2 component so I can play back mpeg2 files. However, when I get about 13 minutes on to the movie the frames stop but the slid bar continues to advance. I have checked to make sure that the movie and file is complete. I can
-
How to send progess info to the LMS
My organization is new to Captivate 7 and we're having a problem with our first course. We currently use a Meridian LMS and have been using OutStart Evolution to create content. We are having problems with a small percentage of our learners not get
-
Manipulating data between 2 tables
Hi Everyone, Scenario: Having two tables displayed and being able to add a row of data from table 'A' to table 'B' and also be able to remove a row of data from table 'B'. (similar to out of the box UME functionality in adding/removing roles to a us