SA520W Content Filtering blocks all URL

My current config is using the SA520W with firwmware 2.1.18.
I have enabled ProtecLink Web with the following settings.
Global Settings>Approved Clients = Enable approved Clients: Checked
Global Settings>Approved URLs = Enable Approved URLs List: Checked
Web Protection>Overflow Control = Temporarily Block URL requests: Checked
Web Protection>Web Threat Protection = Not Enabled
Web Protection>URL Filtering = Enable URL Filtering: Checked
Web Protection>URL Filtering = Enable Check Referer: Checked
Web Protection>URL Filtering = HTTP Ports: 80
Filtered Catagories
Computers/Harmful = All are checked for Business and Leisure hours.
The issue I am having is that this is blocking all traffic through the device, accept for traffic on port 443 HTTPS. I am able to load pages that are directed to HTTPS. Is there an issue with how I have this configuration setup, or is there an issue with the firmware?
Thanks
Robert

Hi Robert,
I am using the setup described in your email below but not able to reproduce the issue reported. I have tried some sites and able to browse successfully. Few are the examples:
www.google.com, www.yahoo.com, www.apple.com, www.cnn.com, www.facebook.com, www.ebay.com, www.amazon.com
I did see some advertisements frames got blocked in some websites as well as advertisement sites like www.craigslist.com been blocked due to 'Computers/Harmful' category selected for URL filtering.
Can you let me know some sites that are blocked in your setup. Also which browser are you using for your http traffic.
Thanks,
Nitin.

Similar Messages

  • Block all URL except one or two in WRSV4400N

    Hi,
         I have a WRSV4400N router and I need to block all URL except one or two. Can I do it with or whitout TrendMicro ProtectLink??
    Thank you

    Hi Axondigital,
    Your english is very good.  I did say "check and see"  in my earlier post and not here is a solution.
    To answer your original question , the answer is NO.
    URL filtering is a limitation you will find in a product like the WRVS4400N, but you will not find that limitation in the new and more powerful SA520 which has an URL allowed and blocked list.
    My advice would be, evaluate trendmico protectlink if you wish and see what you think.  send a email to the following address to get a evaluation license;
    [email protected]
    But try a SA500,  if that customer  really needs a low cost, but capable router that requires URL allowed list.
    regards Dave

  • BBSM content filtering

    Hi,
    We are keen to introduce wlan hotspots in our libraries to allow the public access to the internet, however we really require content filtering. Has anyone out there managed to filter content while using the BBSM? Can the BBSM perform content filtering at all or is the functionality limited to the "walled garden" feature? Can a proxy running Webmarshal or similar be used along with the BBSM?
    Any help would be greatly appreciated.
    Thanks,
    Scott

    Hi Scott,
    We use a product called SurfControl on a Windows box to filter web traffic that flows through the BBSM. We set up a SPAN (or monitor) session on the switch to which both the BBSM and SurfControl Server are connected. I have not tried the built-in ISA feature in the BBSM, but it is my understanding the you can do filtering and monitoring with this feature enabled.
    -Dave

  • IOS Content Filtering Using TrendMicro: Can I customize the block-page redirect-url?

    I have IOS content filtering using the Trend Micro subscription service working on a 2911 running 15.1.(3)T3 with the security license option and a 30 day demo Trend subscription.
    Once I figured out that the content filtering for Trend appears to be completely broken in 15.2 (even using docs for 15.2) I went back to 15.1 and it works great.
    Everything seems great so far except I would like to have a more 'fancy' or custom blocked page where a user can have a couple links to either go to the trend micro reporting page http://global.sitesafety.trendmicro.com/result.php or some other page, and maybe some branding so they know the page is coming from our network and is not some fake security thing or phishing attempt or whatever.
    I know I can use the 'parameter-map type urlfpolicy trend ' section to do a tiny bit of customization of the text that appears on the default blocked page display and there is an option for it to go to a simple redirect instead ('block-page redirect-url') but I wonder if anyone has any ideas on how to do more with either the built in page or the redirect-url to keep the information of what page the user was trying to access and why it was blocked (category etc.) while adding more features.
    Thanks!
    Oh, one last thing, this doesn't support any kind of 'user override' or anything like that does it? So that a network can have a filter applied but an admin could override the filtering to allow temporary access to something?

    Hmm... no thoughts over the weekend. Anyone?

  • Mozilla has switched off content blocker and URL advisor for Kapersky and I cannot browse the web

    How do I turn these back on?

    It appears that the problem is that the Kaspersky components are outdated an needing action from Kaspersky. I have not the time to research this myself at the moment, but you may be able to do so your self on their support site.
    What do you mean by you cannot browse the web.
    What are the content blocker and URL advisor intended to do ? They may well be largely unnecessary and superfluous. Is just installing them blocking you from using Firefox ? If so uninstall them until Kaspersky has a fix.
    Please also look at this thread
    * [/questions/975869] <br /> (With Windows 7 it would be similar advice) concluding:
    ''Firefox doesn't have any known compatibility issues with any of the major anti-virus suites, but honestly you are wasting your money if you pay for them. Uninstall them and use Window 8's built in Windows Defender. Update your Windows 8 machines to Windows 8.1, and make sure your win 7 machine is up to date, and always keep everything on your machines (Firefox, plugins, etc.) all up to date. That will keep you secure as possible. ''
    * From Windows Microsoft see http://windows.microsoft.com/en-gb/windows/security-essentials-download (That '''explains''' about MSE it does NOT automatically download anything )
    Note
    (But Quotation above is from Tyler who IS professional paid Mozilla Firefox support staff)
    The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.
    If you want to leave feedback for Firefox developers, you can go to the Firefox ''Help'' menu and select ''Submit Feedback...'' or use [https://input.mozilla.org/feedback this link]. (You'll need to be on the latest version of Firefox to submit feedback). Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

  • How to Set Up Content Blocker to Block All Sites Except Those That Are Listed?

    How to Set Up Content Blocker to Block All Sites Except Those That Are Listed by Firefox?

    One other item I thought I would pass along...
    I noticed that the NVG589 gets terribly confused if a device behind it isn't setup properly first to be a static address.
    Here's the behavior: Say you have a router of your own and you intend to give it one of the addresses from your static IP block. You decide to set it up first and don't make the changes initially in the 589 to force it to be a static IP of some kind-- whether in the private or the public block. You configure the router in this case with DHCP. Your router starts handing out addresses in its own IP range however your configured it.
    But look what the 589 thinks is happening: it sees the DHCP client name associated with the same MAC address changing constantly. It makes entries for each different client name in its device list, sometimes aging out, sometimes not.
    Now trying to save the private IP will result in a "missing data" error. Worse, trying to change things to a public static IP will result in similar messages about the IP being in the wrong range.
    The same issue can also occur if the device was setup statically in the private range and you try to change it to a public static IP.
    The only way to fix this:
    1) If you intend to advertise the router on an IP from your static block, disconnect all devices from the router and the RG, except for the router you want to setup. Wait for the RG to see them as "offline" in the device list. Alternatively, if you intend to setup another device or server on a Static IP, make sure it is the only device connected to the RG.
    2) Switch the IP allocation to "Public"
    3) Renew the lease on the device
    4) Go into the IP Allocation page and fix the IP to one of the public static IPs from your pool
    5) Reconnect all devices.
    Generally, the best practice is to setup each static IP device before connecting any others to the RG.

  • Blocking all flash content with Opera

    Hi!
    How can I block all flash content except Youtube with Opera?
    Do you know any system wide methods to block flash (except youtube)?
    cheers

    Press F12 (or "Tools > Quick Preferences") and disable plug-ins. Then go to youtube.com, right-click and choose "Edit Site preferences". Add youtube.com (delete the www.) and enable plug-ins on the Content tab.
    Not all flash content on Youtube comes from youtube.com, so you probably have to create more exceptions over time.
    Last edited by byte (2008-10-03 16:25:52)

  • How can I set my content filtering to allow me to access all my email and applications

    I got an email and tried to view the information on the link but could not due to content filtering

    Hi ms.B,
    What are you using for content filtering?

  • RV220W - Content filtering not working (?)

    Hello, I bought a router model RV200W fw 1.0.1.0... nice toy.
    It all works very well with the exception of content filtering. The rule only works if connections are made with the HTTP protocol, but if the user connects with HTTPS, then the rule is not considered... (???)
    f.e.:
    http://facebook.com (content filtered)
    https://facebook.com (content NOT filtered)...
    What the hell ! where I'm wrong ?
    Does anyone is experiencing the same ?

    Yes, the correct title was "URL FILTERING NOT WORKING"...thanks abudef000
    I do not want be polemical, but I do not understand where I went wrong.
    Before I buy I looked @
    http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps11025/data_sheet_c78-630461.html
    Check it out.
    Could you assume that HTTPS URLs are not in the sentence "Static URL blocking, keyword blocking, approved URL" as stated in the product sheet ?

  • Time pattern to allow user breakthrough URLFilter over IOS content filtering

    hi
    i have a client did request me to create such thing for them over IOS content filtering + Trend Micro based subscrition (till this level i'm pretty not sure it is feasible or what)
    scenario would be:
    like group 1 of users are the martketing subnet, then setting the time from 0800 hour to 1700 hour are prohibited to access any of the block blackilist site (either from local and/or trend micro reputation / category blacklist URL)
    is there any way round i can enable the router to recognize the time then let user to gain access after 1700 hour?
    Can TCL do this? any other way round for this
    thank you
    Noel

    Hi Carlos,
    I am having the same problem.  I have seen a few diffenent configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the the IOS documentation for 15.2.  Maybe they forgot it :-)
    I guess I will open a TAC case as I do not want to downgrade...
    I will keep you posted if I find the answer.
    Regards,
    Troy

  • IOS web content filtering cannot get trend micro filter

    hi, i just wondering how really i can get my router's content filtering connect to trps.trendmicro.com server again. previously it was success to get connect to the server, after i doing some changes on my zone-pair firewall then it cannot connect to the trend micro server anymore.
    sh ip trm subscription status showing that i successfully connected and registerd
    all the installation guide is doing accordingly,then i turn on my debug crypto pli validation and debug ip trm detail, all showing success connection to trendmicro site.
    parameter-map type trend-global <param> are pointing to the trps.trendmicro.com, my class-map and policy-map didn't have any changes since last success connection.
    zone-pair setting also attach with the right policy-map that serve for service-policy urlfilter <name>
    overall, after my zone-pair firewall is UP again, then my web content filtering is gone, while registeration is made..
    anyone have any idea what really happen?
    thanks
    Noel

    Hi Yongkhang,
    I think in order to figure out what is happening, we need to troubleshoot and see the config, data and other show commands.  I'm not sure if you would feel comfortable posting that here.  Therefore, i think its best to open up a case with tac on it so that it can be troubleshot to see why you cant access the trend micro server.
    can you let me know what you mean by when you turn on your ZBF, your web content filtering is gone.  Are you saying, when you turn on zbf, the web content filtering is no longer blocking or allowing sites?
    have you ran the following debugs?
    debug ip urlfilter detail
    debug ip urlfilter event
    debug ip url filter function-trace
    also, what does this show:
    show policy-map type inspect zone-pair urlfilter
    Are you sure you have the class maps in the proper order since its processed sequentially..
    regards,
    scott

  • IOS content filtering on trend micro subscription

    hi
    i just finish setup the IOS content filtering on C1841. basically it's combo of local filtering and Trend micro subscrition based. all the parameter-map, class-map, policy-map and zone firewall setting is up and ready to go.
    Some question to ask
    1. how do i examine trend micro content filtering on it REPUTATION and CATEGORIES is really working?
    as usual, after setup these command :
    paramater-map type trend-global MY-GLOBAL-PARAM
    server trps.trendmicro.com
    pamater-map type urlfpolicy trend MY-PARAM   
    allow-mode on
    block-pass message "bla-bla-bla"
    class-map type urlfilter trend match-any trend-block-categories
    match url catergory Adult-Mature-Content
    class-map type urlfilter trend match-any trend-block-reputation
    match url reputation ADWARE
    policy-map type inspect urlfilter MY-ACTION
      parameter type urlfpolicy trend MY-PARAM
      class type urlfilter trend trend-block-categories
      reset
      class type urlfilter trendtrend-block-reputation
      reset
    so for my zone firewall policy:
    policy-map type inspect out->in
    class type inspect trafic
    inspect
    service-policy urlfilter MY-ACTION
    then i do apply zone-pair to the outside and inside interface,everything set to go.
    so far what i can block is only using URL-blacklist to block the whole domain. anyway how can totally left to trend micro subscription license to do with it all?
    noel

    Hmm... no thoughts over the weekend. Anyone?

  • IOS Content Filtering

    Hello, I have just purchased content filtering for an SR520 and an 881.
    I find guides on Cisco.com relating to confiuration of filtering, but nothing with regards to reporting. I'm looking to log every time a page is denied, and what user (or IP) requested the blocked page.

    Yes there is acache you can configure under the parameter-map.
    You can also view it using command shown below
    IOSrouter# sh
    policy-map type inspect zone-pair urlfilter cache detail
    policy exists on zp zp
    Zone-pair: zp
    Service-policy inspect : trend-global-policy
    Class-map: www (match-all)
    Match: protocol http
    Inspect
    Maximum number of bytes in cache: 262144
    Time to live for each cache entry (in hrs): 24
    Total number of bytes used by cache: 453
    Number of bytes used by domain type cache: 353
    Number of bytes used by directory type cache: 100
            URL                                       Age         Idle time/        Cat::Rep
            (Directory cache
    end with /)  (day:h:m:s)
    access #
            yahoo.com                             0:16:47:30           2           56::1                                                                               
    ad.doubleclick.net                
    0:00:00:10           1           72::1                                                                                                                       
    static.eharmony.com/static../
    0:00:00:06  0:00:00:04     12::1
    Unfortunately you can't see who accessed them.
    I hope it helps.
    PK

  • High Amount of Spam on Exchange 2013 - Content Filtering is Enabled but Pfizer Spam Filling Up Everyone's Mailboxes

    Hello
    Previously I used Exchange 2010 with Forefront Threat Protection installed and this used to do a good job of stopping all the spam.
    However since updating to Exchange 2013 earlier this year and enabling the integrated spam filtering everyone noticed a sudden increase in the amount of spam which was getting through which has been bad for a long time.
    We have been living with it but in the last 3 weeks everyone has started getting about 40 emails a day from Pfizer for Viagra. All these seem to defeat the content filtering as Viagra is spelt with an extra I and the email address is always different.
    Also images in emails are blocked by default but somehow all the images on these spam messages appear for everyone.
    I am not sure the spam filtering is working at all and I'm not sure how to tell as ForeFront gives you a nice graphical dashboard but I can find nothing similar to this in Exchange and PowerShell seems the only way to configure the limited functionality
    of the content filter.
    Is there any way to get rid of these messages as it doesn't look very good when they are constantly popping up for everyone?
    Thanks
    Robin
    Robin Wilson

    Hello ManU
    Thanks for the reply.
    I have checked the logs and see this quite often:
    AcceptMessage,,SCL,not available: policy is disabled
    But other times it says this:
    RejectMessage,550 5.7.1 Message rejected as spam by Content Filtering
    Which seems to indicate it is rejecting some.
    This is what one of the email headers look like:
    Received: from RWS-MAIL.rwsservices.net (192.168.2.151) by
    RWS-MAIL.rwsservices.net (192.168.2.151) with Microsoft SMTP Server (TLS) id
    15.0.775.38 via Mailbox Transport; Sat, 28 Dec 2013 10:59:26 +0000
    Received: from RWS-MAIL.rwsservices.net (192.168.2.151) by
    rws-mail.rwsservices.net (192.168.2.151) with Microsoft SMTP Server (TLS) id
    15.0.775.38; Sat, 28 Dec 2013 10:58:38 +0000
    Received: from [90.169.106.204] (90.169.106.204) by mail.rwsservices.net
    (192.168.2.151) with Microsoft SMTP Server id 15.0.775.38 via Frontend
    Transport; Sat, 28 Dec 2013 10:58:37 +0000
    Date: Sat, 28 Dec 2013 12:05:58 +0200
    From: US.Pfizer eStore <[email protected]>
    To: robin.wilson <[email protected]>
    Message-ID: <[email protected]>
    Subject: Dear robin.wilson up to 65% OFF!
    X-Mailer: Airmail (223)
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="dd2ee3ea_586bb9e4_6f04"
    Return-Path: [email protected]
    X-MS-Exchange-Organization-PRD: 001-taxis.co.uk
    X-MS-Exchange-Organization-SenderIdResult: Neutral
    Received-SPF: Neutral (rws-mail.rwsservices.net: 90.169.106.204 is neither
    permitted nor denied by domain of [email protected])
    X-MS-Exchange-Organization-Network-Message-Id: e8825204-1f32-48be-a331-08d0d1d30209
    X-MS-Exchange-Organization-SCL: 1
    X-MS-Exchange-Organization-PCL: 2
    X-MS-Exchange-Organization-Antispam-Report: DV:3.3.13223.464;SID:SenderIDStatus Neutral;OrigIP:90.169.106.204
    X-EXCLAIMER-MD-CONFIG: 079171ba-394f-46d5-a160-56e416712e8e
    X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
    X-MS-Exchange-Organization-AuthSource: rws-mail.rwsservices.net
    X-MS-Exchange-Organization-AuthAs: Anonymous
    The emails use a different sender email address every time and there is always a poem in very light grey writing in the body of the email. The drugs are always misspelt as well. Is this why these are getting through?
    Thanks
    Robin
    Robin Wilson

  • SA 520 blocking some URLs and IM

    I have an SA520 that is configured with 3 NAT rules in firewall. These rules allow a local server to be exposed for 3 specific services. Everything else is disabled. There is no content filtering for example.
    The problem: None of our users are able to use Windows Live Messenger or access certain sites such as www.hotmail.com.
    I suspect the device is blocking URLs that redirect. I see that hotmail.com is redirected to a mail.live.com.
    Any ideas?
    Thanks very much.

    I think you are trying to expose some services in the LAN to the outside world
    If that is the case, instead of creating FW rules from "
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    INSECURE WAN -> SECURE LAN"
    you should create FW rules from "
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    SECURE LAN ->INSECURE WAN"
    Otherwise, you will block some traffic from the outside world to the LAN

Maybe you are looking for

  • Error:"Linking Primary purshase account has not been completed"

    hi i am using 2004.2B when i am accessing goods receipt or goods return in purchase A/P i am getting this error  pls help me out regarding this

  • HOW TO RUN THE APPLET IN JAR?

    Hi, I have an simple applet . I have created the jar file for the applet using the jar utility. 1. I would Like to make my applet run simply by double clicking of the jar file. 2. I have included in the manifest file manifest.inf the main-class file.

  • Mouse-over pic A to make pop up pic B ...

    Hi there! Could need a quick solution for this, cause my (too) limited HTML knowledge doesn't help a bit ... I have a permanent picture A which, while mouse-over, should make picture B pop up. A mouse-over at picture B area (which is again invisible

  • RM887 - Error in MFBF

    Hi, While doing MFBF (via BAPI) I am getting error "change rem profile regarding generation of postprocessing records" Message No RM 887. I am using same REM profile for many other materials for which MFBF is working fine. There are no COGI errors pe

  • Final Cut Pro 5.1.4 - with Leopard / Snow Leopard?

    I may have to upgrade from Tiger to Leopard (to cope with a PTLE requirement). Will 5.1.4 still work, and if not, what will I have to do? Thanks Tom