[Trend Micro Ios content filtering] parameter-type command under policy map not available

Similar Messages

• IOS content filtering on trend micro subscription

  hi
  i just finish setup the IOS content filtering on C1841. basically it's combo of local filtering and Trend micro subscrition based. all the parameter-map, class-map, policy-map and zone firewall setting is up and ready to go.
  Some question to ask
  1. how do i examine trend micro content filtering on it REPUTATION and CATEGORIES is really working?
  as usual, after setup these command :
  paramater-map type trend-global MY-GLOBAL-PARAM
  server trps.trendmicro.com
  pamater-map type urlfpolicy trend MY-PARAM   
  allow-mode on
  block-pass message "bla-bla-bla"
  class-map type urlfilter trend match-any trend-block-categories
  match url catergory Adult-Mature-Content
  class-map type urlfilter trend match-any trend-block-reputation
  match url reputation ADWARE
  policy-map type inspect urlfilter MY-ACTION
    parameter type urlfpolicy trend MY-PARAM
    class type urlfilter trend trend-block-categories
    reset
    class type urlfilter trendtrend-block-reputation
    reset
  so for my zone firewall policy:
  policy-map type inspect out->in
  class type inspect trafic
  inspect
  service-policy urlfilter MY-ACTION
  then i do apply zone-pair to the outside and inside interface,everything set to go.
  so far what i can block is only using URL-blacklist to block the whole domain. anyway how can totally left to trend micro subscription license to do with it all?
  noel

  Hmm... no thoughts over the weekend. Anyone?

• Time pattern to allow user breakthrough URLFilter over IOS content filtering

  hi
  i have a client did request me to create such thing for them over IOS content filtering + Trend Micro based subscrition (till this level i'm pretty not sure it is feasible or what)
  scenario would be:
  like group 1 of users are the martketing subnet, then setting the time from 0800 hour to 1700 hour are prohibited to access any of the block blackilist site (either from local and/or trend micro reputation / category blacklist URL)
  is there any way round i can enable the router to recognize the time then let user to gain access after 1700 hour?
  Can TCL do this? any other way round for this
  thank you
  Noel

  Hi Carlos,
  I am having the same problem.  I have seen a few diffenent configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the the IOS documentation for 15.2.  Maybe they forgot it :-)
  I guess I will open a TAC case as I do not want to downgrade...
  I will keep you posted if I find the answer.
  Regards,
  Troy

• IOS Content Filtering Using TrendMicro: Can I customize the block-page redirect-url?

  I have IOS content filtering using the Trend Micro subscription service working on a 2911 running 15.1.(3)T3 with the security license option and a 30 day demo Trend subscription.
  Once I figured out that the content filtering for Trend appears to be completely broken in 15.2 (even using docs for 15.2) I went back to 15.1 and it works great.
  Everything seems great so far except I would like to have a more 'fancy' or custom blocked page where a user can have a couple links to either go to the trend micro reporting page http://global.sitesafety.trendmicro.com/result.php or some other page, and maybe some branding so they know the page is coming from our network and is not some fake security thing or phishing attempt or whatever.
  I know I can use the 'parameter-map type urlfpolicy trend ' section to do a tiny bit of customization of the text that appears on the default blocked page display and there is an option for it to go to a simple redirect instead ('block-page redirect-url') but I wonder if anyone has any ideas on how to do more with either the built in page or the redirect-url to keep the information of what page the user was trying to access and why it was blocked (category etc.) while adding more features.
  Thanks!
  Oh, one last thing, this doesn't support any kind of 'user override' or anything like that does it? So that a network can have a filter applied but an admin could override the filtering to allow temporary access to something?

  Hmm... no thoughts over the weekend. Anyone?

• Expiring ios content filtering

  hello
  now that IOS Content Filtering using Trend Micro is EOL and replaced by ScanSafe, can someone tell if ScanSafe is a subscription based and what are the new SKUs for ScanSafe
  thanks

  Yeah, Scansafe won't work until you purchase the subscription, and get that activated within the cloud since it is Web Security on the cloud solution.
  Try to contact [email protected], and let them know your country and ask them if they can refer you to a local Sales Rep for ScanSafe.

• IOS Content Filtering - Is No More ?

  Cisco very quickly End of Lifed the IOS Content Filtering offering last year
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/eol_c51-698205.html
  For something with a minimum of a yearly lic involved, the EOL timing is shocking - you could have ordered product with a 1 year lic and come back now to find the offering is now dead (as in our case) so much for ROI !
  Cisco are pushing Scansafe as their current offering, which has probably led toa  falling out with Trend who provided the underlying service for
  IOS Content Filtering. Scansafe does not economically cover the low end application, for which IOS Content Filtering was ideal i.e SMB space with 8xx or low end ISR routers. The Cisco answer is basically "perhaps you want to go and investigate solutions form other suppliers"
  So we are left with a router platform which is fine and  content filtering which was fine but are now unable to re-licence the URL filtering service and will stop working in about 30 days and there is apparently nothing we can do about it
  Does anyone know if Trend still operate the URL filtering subscription service and whether theire is a way of geting a subscription renewal direct ?
  (i'm not holding my breath on that - I am guessing the IOS content filtering hooks for the service being certificate based + Cisco license process will make that hard for anyone but Cisco)
  Or of any alternative simple and cost effective solution we can configure the router to use
  (please tell me we're not back to SurfControl/Websense solutions again..)
  thanks
  Sez

  Approached the Cisco AM - frankly there was little or no interest in fixing such a low value problem. The spin was the Trend relationship ending was beyond Cisco control and Cisco hands tied - i.e. its not our fault (but strangely the problem is the customers)
  Yes we could get some TMP discount - against the original hardware purchase but the hardware for lowend installs is negligible, it is the services time/cost in getting solution (and any replacement) into deployment which is the costly part and TMP makes no allowance for that.
  Also scansafe solution is much more expensive, compared to IOS URL Filtering, so even taking off the minor TMP discount the answer form Cisco is basically - yep spend more money with us and we'll fix the problem we created for you. And why is there so little normal info on Cisoc.com for scansafe - i.e. covering SKU/ordering models etc... It always just ays 'ask your Cisco AM for details' - that may have worked when Scansafe was a separate company but a Cisco AM is unlikely to even answer the phone to talk about a $3K order
  If Cisco really wanted to protect customer investment, why couldn't it provide through Scansafe a replacement service for IOS URL Filtering service, at similar cost and pricing model to that provided by the Trend integration? i.e. same kit, same config but pointed at scansafe cloud rather than Trend cloud. Then there would be no issue and a clean migration path provided for Ciscos valued customers
  Probably answering my own question but scansafe appears to return to a cost related to the user count, whereas IOS URL Filtering service was a simple one off cost per router. This was ideal for low end application (the ISR800 series size of deployment) and comparable scansafe is way more expensive.
  I have found we are not alone in this, most customers are only finding out about this mess when existing IOS URL Filtering licence's expire and go for renewal only to find the 3 month EOL process has stealthily boatanchored their implementation.
  Sez

• Photoshop CS6 error : Could not complete the video flames  to layers command because Dynamiclink is not available

  i can´t import videos and mp3  photoshop cs6 error : Could not complete the video flames  to layers command because Dynamiclink is not available .... what it means? who can i fix it?

  Unfortunatly, the 32 bit versions of windows doesn't support video in photoshop cc.
  see this post:
  http://forums.adobe.com/message/5802978#5802978

• Lost preferences and when requesting a batch operation  the  error "The command "Batches" is currently not available."

  For CS6 when I started to work again I had lost screen preferences and when tried to run a batch operation I got the message "The command "Batches" is currently not available."  Where are these files stored and how can I restore them?

  Found IT !!!   For Windows - go to users appdata folder and windows has a file restore function.  restored Actions Palette.psp and Adobe Photoshop X64 CS6 Prefs.psp files to previous versions.  Works great.
  Alvin55

• My type on path option is not available in Adobe Illustrator CS6, how do I activate it?

  My type on path option is not available in Adobe Illustrator CS6, how do I activate it?

  I got it to work never mind

• IOS Content Filtering

  Hello, I have just purchased content filtering for an SR520 and an 881.
  I find guides on Cisco.com relating to confiuration of filtering, but nothing with regards to reporting. I'm looking to log every time a page is denied, and what user (or IP) requested the blocked page.

  Yes there is acache you can configure under the parameter-map.
  You can also view it using command shown below
  IOSrouter# sh
  policy-map type inspect zone-pair urlfilter cache detail
  policy exists on zp zp
  Zone-pair: zp
  Service-policy inspect : trend-global-policy
  Class-map: www (match-all)
  Match: protocol http
  Inspect
  Maximum number of bytes in cache: 262144
  Time to live for each cache entry (in hrs): 24
  Total number of bytes used by cache: 453
  Number of bytes used by domain type cache: 353
  Number of bytes used by directory type cache: 100
          URL                                       Age         Idle time/        Cat::Rep
          (Directory cache
  end with /)  (day:h:m:s)
  access #
          yahoo.com                             0:16:47:30           2           56::1                                                                               
  ad.doubleclick.net                
  0:00:00:10           1           72::1                                                                                                                       
  static.eharmony.com/static../
  0:00:00:06  0:00:00:04     12::1
  Unfortunately you can't see who accessed them.
  I hope it helps.
  PK

• IOS content filtering on 29xx

  IOS content fitlering through trend micro has been discontinued on 2800's (now) and 2900's (December 2012).
  1. Is there a replacement solution for cloud based URL filtering on 2800's?
  2. Looking at ScanSafe ISR Web Security on 2900's which I believe will work similar to TRM. I can't seem to find any SKUs for this solution through. Anyone knows anything about this?

  Hmm... no thoughts over the weekend. Anyone?

• How can I achieve IOS content filtering using a Cisco router

  Good day Everybody.
  I would like to set up content filtering using IOS on my Cisco router. I already know how to do URL filtering but I want to restrict access to sites based on categories.
  Is this possible without having to introduce an external device?

  Natively in IOS this is not possible. However you can configure CWS (Cisco Web Security). The router will forward web requests to a cloud based web security service.
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps11720/data_sheet_c78-729637.html

• Where does iWeb save the contents of my website now that iDisk is not available?

  With the latest change to iCloud and iDisk not available anymore, where does iWeb save the contents of websites?
  I looked for the files undel Library/Application Support/....but could not find the iWeb folder.
  Any ideas please?
  Thank you.

  In Lion the Library folder is now invisible. To make it permanently visible enter the following in the Terminal application window: chflags nohidden ~/Library and hit the Enter button - 10.7: Un-hide the User Library folder.
  To open your domain file in Lion or to switch between multiple domain files Cyclosaurus has provided us with the following script that you can make into an Applescript application with Script Editor. Open Script Editor, copy and paste the script below into Script Editor's window and save as an application.
  do shell script "/usr/bin/defaults write com.apple.iWeb iWebDefaultsDocumentPath -boolean no"delay 1
  tell application "iWeb" to activate
  You can download an already compiled version with this link: iWeb Switch Domain.
  Just launch the application, find and select the domain file you want to open and it will open with iWeb. It modifies the iWeb preference file each time it's launched so one can switch between domain files.
  WARNING: iWeb Switch Domain will overwrite an existing Domain.sites2 file if you select to create a new domain in the same folder.  So rename your domain files once they've been created to something other than the default name.
  OT

• Trend Micro Interscan URL Filtering policies not working

  I have just inherited a ASA 5520 with a TrendMicro InterScan for CSC SSM (version 6.6.1125.0) with both Base and Plus licenses. We have several URL filtering policies setup with AD group checking via the Domain Controller Agents. These rules are currently in the order of most strict (only a couple of explicitly identified users and one IP address), then two different policies that block less content than the global list (each assigned to LDAP list based on AD group membership), then our global URL Filtering policy.
  The most common problem I have is when I try to open a site for one of the LDAP groups the site does not become accessible until I also add it to the HTTP Exceptions list on the Global Policy thus opening it for all users.
  Any suggestions?

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:Arial;
  mso-bidi-theme-font:minor-bidi;}
  Thanks,
  Right now I removed tick form Leisure Time. But everything is open which I blocked.
  But I wanna blocking 24hrs but During 7 to 8 I wanna leisure time.
  If I tick marked all categories for both Work and Leisure then all things blocked
  If I removed tick from Leisure column then everything open…
  Kindly View attached Screen Shot

• CS2 Error message.= The command "pdf presentation" is not available at this time.

  CS2 and Bridge will not make any pdfs'
  CS2 has been un-installed and re-installed twice from disc without solving problem. 
  I will download CS2 from Adobe as my next step, however my CS2 disc would have to be de-activated and there is no activation server for CS2 anymore.
  http://www.adobe.com/downloads/cs2_downloads/index.html.
  System info:
  Windows Vista
  Intel CPU 2399 Mhz
  Memory 4094MB
  Does anyone have any solutions to bring back "pdf presentation"?
  Also, is there a way to upgrade the raw plugin folder to be able to read the current raw formats?
  Thank you
  Barry
  [email protected]

  Did if ever work since putting cs2 on windows vista?
  Does the pdf presentation work if you invoke the command in photoshop proper instead of bridge?
  File>Automate>PDF Presentation.
  I really don't think using the adobe cs2 download will make any difference as either your bridge and/or photoshop preferences could be corrupted
  and you should try resetting those as they are not reset during a unistall/reinstall of cs2.
  Reset photoshop preferences:
  http://forums.adobe.com/thread/375776?tstart=0
  Reset bridge preferences:
  Reset Bridge by holding Option(Mac) or Ctrl (Pc) as soon as you click on the icon to start it.
  ADD -  If done properly you will get a reset window with 3 options.