URL / Web content filter
hello all! We are currently looking to replace our PIX 515e's with something newer. The hang up is we want to look at something else besides Websense for our URL / Web Content filtering specifically because of price on renewal's. We do not currently have IDS / IPS in place unless you count the Websense as doing that (maybe just a little bit?) and it would be nice to add that capability. I've had experience with the Palo Alto box as a UTM in the past however we want to stick with Cisco where I'm at presently. So what we're looking at is the new ASA 5515-X or 5525-X (HA pair) with IPS plus something else for the web filtering side (besides Websense). We're getting quotes on the IronPort S160 however my guess is it's going to be just as pricy as Websense, probably the same for Scan Safe. Right now we're at about 300 users but are looking to double that in the next year. What are some other good solutions out there? Easey to manage would be nice, less expensive would be nice, effective would be nice. Can we get that all together?
Don't know about traffic from multiple networks. Offhand, I can't think of why this would be a problem for squid itself, other than it may complicate the config a little bit -- but it may not. I did a quick Google and didn't see anything that indicated it may be a problem, but I probably didn't click as many links as you did
Squid is just one option. The disadvantage of squid compared to a paid-for service, in my opinion, is that you either have to get lists from somewhere or manually create your own block and allow lists. Because of that, I use a combination of OpenDNS to block the obvious like porn, and then I use squid for more granular control like managament can view job searching sites, but other users cannot.
With squid, you have so many options though. For example, you could setup a scheduled task to download current lists from your source of choice and apply them to squid ACLs.
I am a much smaller shop though, so this works for me. 300-600 users changes things up a little depending on what you want to accomplish.
Similar Messages
-
Web content filter and shockwave
Hi! I am using in my organization Squid proxy with DansGuardian as web content filter. The problem that i'm facing is that when i visit a site that uses shockwave,i get the messagethat " the Xtra package failed to initialize.. ". This problem is brought up by using DansGuardian, because when i use squid everything works fine.
With the previous version of shockwave i had added as exceptions in url and site lists the following paths and everything worked fine:
adobe.com
download.macromedia.com/pub/shockwave/cabs/director/sw.cab#version=8,5,0
download.macromedia.com/pub/shockwave/cabs/director/sw.cab
get.adobe.com/shockwave/Try Settings > Wifi > your checked network > HTTP Proxy: Off
-
App store icon gone missing/Web Content Filter - Apple Configurator
I am using Apple Configurator to manage the iPads at my school. I changed the settings on my school's profile, within Apple Configurator, so that the App store was not available. The App store icon disappeared and all was good. I decided to change the settings back, to allow the App store, saved the settings and refreshed a group of iPads. The App store icon is still missing and it doesn't appear that my new settings have been applied. I quit Configurator and tried again, but no success. I am running Configurator 1.5 and the ipads are running iOS 7.1.
Also, I have unchecked the "Allow use of You Tube" button because I want You Tube disabled, but Configurator still allows the use of You Tube through Safari. Is there any way to disable the use of You Tube without using the ridiculous "Web Content Filter", that when activated, limits adult content (good), which seems to include a lot of valuable educational sites (bad)? To me the only other option available seems to be to tick "Specific Websites Only" and spend the next year typing in all the possible sites that might have educational merit, ergo, my use of the word 'ridiculous'. Is there something I am missing?Locate it in the Apps folder and drag it to the dock.
-
Cannot get URL web part filter to pass Parameter to List web part
How do I wire an out-of-the-box URL web part filter to a SharePoint 2013 list (or "app" as renamed in 2013) web part when the list has a parameter?
My SharePoint list uses a parameter because it needs a Contains filter, as in
<Where>
<Contains>
<FieldRef Name="MyFieldName"/>
<Value Type="Note">{MyParam}</Value>
</Contains>
</Where>
The ParameterBinding is defined simply.
<ParameterBinding Name="CohortParam" DefaultValue=""/>
It has had Location="None" in the past, but another forum entry that I read suggested removing that.
When I add the list (or "app" in SharePoint 2013) to a web part page and also add a URL Filter web part, the URL filter cannot see the parameter. The menu chain Connection >> Send Filter Values To >> [My List web part name] shows
the dialogue. On the "Choose Connection" tab, I choose "Get Parameter Values From". Clicking the "Configure" button results in the "Configure Connection" tab having the message "The Consumer Web Part did not
provide schema information".Hi Randy,
You need to change the "MyParam" to "CohortParam", for parameterbinding element we need to add the location attribute as below codeline, then when we use the QueryString "CohortParam" with value in url, it will directly
filter the list web part items without adding URL Filter web part.
<ParameterBinding Name="CohortParam" Location="QueryString(CohortParam)" DefaultValue=""/>
I attached my resutls as below image (also "MyParam" can be changed to "CohortParam" if you want), you can take a look.
Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Daniel Yang
TechNet Community Support -
Web content filter not working on Mavericks clients PC
Hi,
I recently installed osx mavericks server on a Mac mini and successfully enrolled and tested profile pushes to iphone 4's and iPad 2's. Last night I tried an rolling a MacBook Pro running mavericks and it seems to work okay but the testing wasn't all that good. I can push changes to the dock for example and they work okay but when trying to push changes like not allowing game centre or enabling parental controls, the settings are saying they were successfully pushed but aren't working. I could still access the game centre and adult web content that I was trying to restrict.
Any ideas? Has anyone's else had this problem and fixed it?This seems to also now be resolved, well at least I think so. I'm able to push update from the Mavericks server to an MBP including web restrictions and usable items in the System Preferences. I think it was initially it took a few minutes for the pushed settings to be effective. Maybe I was too impatient
The thing with restricting Game Center was interesting. I thought it would have removed the icon/app link completely but it doesn't. All it seems to do is prevent users from logging in. The Sign In button is disabled. -
What's the best Web content filter for managing client's on our network
We have a somewhat mini scale network. We have anywhere from 40 to 60 ranging from WLan and Lan devices. Right now we have been using opendns for content filtering but we would like to limit certain sites to just certain groups and if someone goes onto a site they shouldn't then what we would like to know is the IP of the user and there mac address If we could somehow find a captive portal software or hardware that would be perfect because it takes a lot of guess work out of things. We use Apple Wireless router's and run 2 server's one running Mac OSX Server 10.6.7 and a 2nd server running the same which act's as our OD replica
So my question is what do you guys use?
Were looking for the more user friendly the better and by that i mean I don't want to be using ww-rt on some router or something
Thank you for your time.Johnny.Danger wrote:
We have a somewhat mini scale network. We have anywhere from 40 to 60 ranging from WLan and Lan devices. Right now we have been using opendns for content filtering but we would like to limit certain sites to just certain groups and if someone goes onto a site they shouldn't then what we would like to know is the IP of the user and there mac address If we could somehow find a captive portal software or hardware that would be perfect because it takes a lot of guess work out of things. We use Apple Wireless router's and run 2 server's one running Mac OSX Server 10.6.7 and a 2nd server running the same which act's as our OD replica
So my question is what do you guys use?
Were looking for the more user friendly the better and by that i mean I don't want to be using ww-rt on some router or something
Thank you for your time.
Have a look at Vicomsoft and their Intergate Inspect package. This runs on a Mac server and lets you link to Open Directory for authenticating users and lets you set filtering for users or for groups of users. Sounds exactly what you want.
See http://www.vicomsoft.com/products/filter/index.html -
Apple Configurator Web Content Filtering Question
I manage a few K12 classroom sets of iPods via Apple Configurator and I have a younger classroom that wants to limit web access to a few sites and I have been trying to adjust the profile in Apple Configurator to make this happen but it doesn't work.
I open the profile and go to the Web Content Filter option and add a payload to only allow specific websites and enter the URLs and apply the updated profile to the supervised device but I can still get anywhere I want in Safari. I have tried this process for an hour now to no avail and can't seem to find anything online.
The only thing I can think of is that this option to limit to specific sites is only available to iOS 7(?). We own quite a few of the 4th generation iPod Touches that are obviously denied this upgrade and so am looking for any help or validation that this option in Apple Configurator is available only to iOS 7 supervised devices???
Thanks.Here is my answer as per an email from Chris C. a Systems Engineer for Apple Education:
That was a new feature added with Apple Configurator 1.4 and works with iOS 7 supervised devices. I will research this a bit more to see if there is a way around this to work with iOS 6 devices and will follow up with you shortly.
I understand that you cannot always support "older" operating systems but am truly frustrated with Apple's lack of support on iOS 6 devices when this is what so many K12 schools will have... -
Configurator not saving changes (Web Content)
Hi.
I am new to configurator.
I have applied a base profile (many different settings) together with a separate profile for restricted websites.
The base filter's 'Web Content Filter' is not set.
The 'TwinsWebFilter' only has one payload ...the Web Content Filter.
I have two issues.
1. I can limit to Specific Websites. I add http://www.bbc.co.uk to the list and apply. This seems to filter all sites except the BBC (good) AND Apple.com. It does not seem to block Apple.com even though it is not in the whitelist. How do I block it? How do I know what other sites have not been blocked?
2. When I double click on the policy within the 'supervise' panel, it opens for editing. I click on the 'Web Content Fillter' and it shows that it is back to 'Limit Adult Content' ... even though I had saved it as specific websites only. When I choose the 'specific' option, I see the site (BBC) that I has already added. I am obviously concerned that when the iPad is refreshed next time, it will be refreshed to the 'adult' section without my knowing. Are there any other profile setting that may conflict with my choice of 'Specific sites only'?
Thanks.HI Lee,
I am facing the same issue.
Were U able to resolve this Or any work around ?
_vishal -
IOS web content filtering cannot get trend micro filter
hi, i just wondering how really i can get my router's content filtering connect to trps.trendmicro.com server again. previously it was success to get connect to the server, after i doing some changes on my zone-pair firewall then it cannot connect to the trend micro server anymore.
sh ip trm subscription status showing that i successfully connected and registerd
all the installation guide is doing accordingly,then i turn on my debug crypto pli validation and debug ip trm detail, all showing success connection to trendmicro site.
parameter-map type trend-global <param> are pointing to the trps.trendmicro.com, my class-map and policy-map didn't have any changes since last success connection.
zone-pair setting also attach with the right policy-map that serve for service-policy urlfilter <name>
overall, after my zone-pair firewall is UP again, then my web content filtering is gone, while registeration is made..
anyone have any idea what really happen?
thanks
NoelHi Yongkhang,
I think in order to figure out what is happening, we need to troubleshoot and see the config, data and other show commands. I'm not sure if you would feel comfortable posting that here. Therefore, i think its best to open up a case with tac on it so that it can be troubleshot to see why you cant access the trend micro server.
can you let me know what you mean by when you turn on your ZBF, your web content filtering is gone. Are you saying, when you turn on zbf, the web content filtering is no longer blocking or allowing sites?
have you ran the following debugs?
debug ip urlfilter detail
debug ip urlfilter event
debug ip url filter function-trace
also, what does this show:
show policy-map type inspect zone-pair urlfilter
Are you sure you have the class maps in the proper order since its processed sequentially..
regards,
scott -
Really Slow web surfing through ZBF with IOS Content filter
Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"
Hey, all
We have a 1921 router with IOS Content filter subscribsion and it is also configured as ZBF running latest IOS v15.1. End-user keep complaining about slow web surfing. I connected to network and tested myself and found intermittent surfing experience.
For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonablly quick in 1-2 time of the 3. This also affects the speed of download from websites.
I have the case openned with Cisco TAC and CCIE checked my configure but nothing caught his eyes...
I decide to post the issue here in case we both missed something:
Current configuration : 18977 bytes
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname abc_1921
boot-start-marker
boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authentication login NONE_LOGIN none
aaa authorization exec default local
aaa session-id common
clock timezone AST -4 0
clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
no ipv6 cef
ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.111 192.168.1.254
ip dhcp pool DHCPPOOL
import all
network 192.168.1.0 255.255.255.0
domain-name abc.local
dns-server 192.168.10.200 192.168.10.202
netbios-name-server 4.2.2.4
default-router 192.168.1.150
option 202 ip 192.168.1.218
lease 8
ip domain name abc.locol
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip port-map user-port-1 port tcp 5080
ip port-map user-port-2 port tcp 3389
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
parameter-map type urlfpolicy trend cprepdenyregex0
allow-mode on
block-page message "The website you have accessed is blocked as per corporate policy"
parameter-map type urlf-glob cpaddbnwlocparapermit2
pattern www.alc.ca
pattern www.espn.com
pattern www.bestcarriers.com
pattern www.gulfpacificseafood.com
pattern www.lafermeblackriver.ca
pattern 69.156.240.29
pattern www.tyson.com
pattern www.citybrewery.com
pattern www.canadianbusinessdirectory.ca
pattern www.homedepot.ca
pattern ai.fmcsa.dot.gov
pattern www.mtq.gouv.qc.ca
pattern licenseinfo.oregon.gov
pattern www.summitfoods.com
pattern www.marine-atlantic.ca
pattern www.larway.com
pattern www.rtlmotor.ca
pattern *.abc.com
pattern *.kijiji.ca
pattern *.linkedin.com
pattern *.skype.com
pattern toronto.bluejays.mlb.com
pattern *.gstatic.com
parameter-map type urlf-glob cpaddbnwlocparadeny3
pattern www.facebook.com
pattern www.radiofreecolorado.net
pattern facebook.com
pattern worldofwarcraft.com
pattern identityunknown.net
pattern static.break.com
pattern lyris01.media.com
pattern www.saltofreight.com
pattern reality-check.com
pattern reality-check.ca
parameter-map type ooo global
tcp reassembly timeout 5
tcp reassembly queue length 128
tcp reassembly memory limit 8192
parameter-map type trend-global global-param-map
cache-size maximum-memory 5000
crypto pki token default removal timeout 0
crypto pki trustpoint Equifax_Secure_CA
revocation-check none
crypto pki trustpoint NetworkSolutions_CA
revocation-check none
crypto pki trustpoint trps1_server
revocation-check none
crypto pki trustpoint TP-self-signed-3538579429
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3538579429
revocation-check none
rsakeypair TP-self-signed-3538579429
!! CERTIFICATE OMITED !!
redundancy
ip ssh version 2
class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
match access-group name REMOTE_SITE_SUBNET
class-map type inspect match-all PPTP_GRE_INSPECT_MAP
match access-group name ALLOW_GRE
class-map type inspect match-all INSPECT_SKINNY_MAP
match protocol skinny
class-map type inspect match-all INVALID_SOURCE_MAP
match access-group name INVALID_SOURCE
class-map type inspect match-all ALLOW_PING_MAP
match protocol icmp
class-map type urlfilter match-any cpaddbnwlocclasspermit2
match server-domain urlf-glob cpaddbnwlocparapermit2
class-map type urlfilter match-any cpaddbnwlocclassdeny3
match server-domain urlf-glob cpaddbnwlocparadeny3
class-map type urlfilter trend match-any cpcatdenyclass2
class-map type inspect match-all cpinspectclass1
match protocol http
class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
match protocol citriximaclient
match protocol ica
match protocol http
match protocol https
class-map type inspect match-any INSPECT_SIP_MAP
match protocol sip
class-map type urlfilter trend match-any cptrendclasscatdeny1
match url category Abortion
match url category Activist-Groups
match url category Adult-Mature-Content
match url category Chat-Instant-Messaging
match url category Cult-Occult
match url category Cultural-Institutions
match url category Gambling
match url category Games
match url category Illegal-Drugs
match url category Illegal-Questionable
match url category Internet-Radio-and-TV
match url category Joke-Programs
match url category Military
match url category Nudity
match url category Pay-to-surf
match url category Peer-to-Peer
match url category Personals-Dating
match url category Pornography
match url category Proxy-Avoidance
match url category Sex-education
match url category Social-Networking
match url category Spam
match url category Tasteless
match url category Violence-hate-racism
class-map type inspect match-any INSPECT_PROTOCOLS_MAP
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
match protocol icmp
class-map type urlfilter trend match-any cptrendclassrepdeny1
match url reputation ADWARE
match url reputation DIALER
match url reputation DISEASE-VECTOR
match url reputation HACKING
match url reputation PASSWORD-CRACKING-APPLICATIONS
match url reputation PHISHING
match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
match url reputation SPYWARE
match url reputation VIRUS-ACCOMPLICE
class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
match access-group name CUSTOMIZED_NAT_1
match protocol user-port-1
class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
match access-group name CUSTOMIZED_NAT_2
match protocol user-port-2
class-map type inspect match-any INSPECT_H323_MAP
match protocol h323
match protocol h323-nxg
match protocol h323-annexe
class-map type inspect match-all INSPECT_H225_MAP
match protocol h225ras
class-map type inspect match-all CUSTOMIZED_216_MAP
match class-map CUSTOMIZED_PROTOCOL_216
match access-group name CUSTOMIZED_NAT_216
policy-map type inspect OUT-IN-INSPECT-POLICY
class type inspect INCOMING_VPN_TRAFFIC_MAP
inspect
class type inspect PPTP_GRE_INSPECT_MAP
pass
class type inspect CUSTOMIZED_NAT_MAP_1
inspect
class type inspect CUSTOMIZED_NAT_MAP_2
inspect
class type inspect CUSTOMIZED_216_MAP
inspect
class class-default
drop
policy-map type inspect urlfilter cppolicymap-1
description Default abc Policy Filter
parameter type urlfpolicy trend cprepdenyregex0
class type urlfilter cpaddbnwlocclasspermit2
allow
class type urlfilter cpaddbnwlocclassdeny3
reset
log
class type urlfilter trend cptrendclasscatdeny1
reset
log
class type urlfilter trend cptrendclassrepdeny1
reset
log
policy-map type inspect IN-OUT-INSPECT-POLICY
class type inspect cpinspectclass1
inspect
service-policy urlfilter cppolicymap-1
class type inspect INSPECT_PROTOCOLS_MAP
inspect
class type inspect INVALID_SOURCE_MAP
inspect
class type inspect INSPECT_SIP_MAP
inspect
class type inspect ALLOW_PING_MAP
inspect
class type inspect INSPECT_SKINNY_MAP
inspect
class type inspect INSPECT_H225_MAP
inspect
class type inspect INSPECT_H323_MAP
inspect
class class-default
drop
zone security inside
description INTERNAL_NETWORK
zone security outside
description PUBLIC_NETWORK
zone-pair security INSIDE_2_OUTSIDE source inside destination outside
service-policy type inspect IN-OUT-INSPECT-POLICY
zone-pair security OUTSIDE_2_INSIDE source outside destination inside
service-policy type inspect OUT-IN-INSPECT-POLICY
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key password address 11.22.3.1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set TunnelToCold esp-3des
crypto map TunnelsToRemoteSites 10 ipsec-isakmp
set peer 11.22.3.1
set transform-set TunnelToCold
match address TUNNEL_TRAFFIC2Cold
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description OUTSIDE_INTERFACE
ip address 1.1.1.186 255.255.255.248
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex full
speed 1000
crypto map TunnelsToRemoteSites
crypto ipsec df-bit clear
interface GigabitEthernet0/1
description INSIDE_INTERFACE
ip address 192.168.1.150 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
duplex full
speed 1000
ip forward-protocol nd
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
ip route 0.0.0.0 0.0.0.0 1.1.1.185
ip access-list standard LINE_ACCESS_CONTROL
permit 192.168.1.0 0.0.0.255
ip access-list extended ALLOW_ESP_AH
permit esp any any
permit ahp any any
ip access-list extended ALLOW_GRE
permit gre any any
ip access-list extended CUSTOMIZED_NAT_1
permit ip any host 192.168.1.217
permit ip any host 192.168.1.216
ip access-list extended CUSTOMIZED_NAT_2
permit ip any host 192.168.1.216
permit ip any host 192.168.1.212
permit ip any host 192.168.1.213
ip access-list extended CUSTOMIZED_NAT_216
permit ip any host 192.168.1.216
ip access-list extended INVALID_SOURCE
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
ip access-list extended NAT_RULES
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended REMOTE_SITE_SUBNET
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ABM
permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Bridgewater
permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Moncton
permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2MountPearl
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Ontoria
permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended WEB_TRAFFIC
permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 10 permit 192.168.1.0 0.0.0.255
route-map NAT_MAP permit 10
match ip address NAT_RULES
snmp-server community 1publicl RO
control-plane
line con 0
logging synchronous
login authentication NONE_LOGIN
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class LINE_ACCESS_CONTROL in
exec-timeout 30 0
logging synchronous
transport input all
scheduler allocate 20000 1000
ntp server 0.ca.pool.ntp.org prefer
ntp server 1.ca.pool.ntp.org
endHi,
I know this is for a different platform but have a look at this link:
https://supportforums.cisco.com/thread/2089462
Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flixibility to do cool things like blocking websites, IM, regex expression matching etc... but in my opinion I just don't think these routers can handle it.
It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
I would recommend you use the router as a frontline firewall with inbound/outbound acl's (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me ) -
Hi,
i received an indesign file to include in a folio that had links to the creators desktop where they had the assets for the web content overlay. When i try to update the folio i get the error message:
"Content generation error.
[Error: Invalid URL for Web Content Overlay]"
Which is fair enough.
The problem is, i have gone through and changed all URLs that I can see, but there is one somewhere, that I just can't find.
Is there a way to get a list of all web content overlays in a particular file? otherwise i will need to recreate the whole page again, and it has some pretty complex interactions which i rather wouldn't do.
I also cannot ask the original doc creator to just change the links as i'm sure he'll have the same issues as me, at not being able to track down the erroneous link.
The problem I have with DPS is that its not very transparent. you'll have to click on everything, and into every group to see what actions are on it, which can be extremely time consuming and frustrating when complex interactions are included.
thanks in advance for any assistanceI’ve found watching the process helpful to narrow down the page.
Working off a duplicate of the file, delete one layer at a time until you figure out what layer the problem is on.
From there it’s a bit easier to narrow down. -
Invalid Url for Web Content Overlay
I am constantly getting this error when I try to upload a page with a web content overlay -- i even get thi smessage if i try to upload http://google.com.
sgThis link is likely being redirected, and redirects aren't allowed in Web Content overlays. For example, http://www.google.com will work, but http://google.com won't. Check the URL on a mobile device. A lot of sites get redirected to the mobile version: http://twitter.com becomes http://mobile.twitter.com.
-
Invalid URL for Web Content Overlay. Help?
I am doing a french tranlation to an existing folio app that someone else created.
There is one page in my folio that is comprised of garbage and a trash can. You touch the garbage and drag it into the trash, and things change, etc.
I have an index.html file and a bunch of other images.
I can't even successfully add the article to my folio, I get this warning: Content Generator Error. Invalid URL for Web Content Overlay.
Can you walk me through how to get this to work?
Attached is a screen shot of my file structure...When you specify the .html file, all the content in that folder is uploaded automatically. Here's an article about Web Content overlays:
http://help.adobe.com/en_US/digitalpubsuite/using/WS9293e1fb3b977c5c73657495129f66e490f-7f fa.html
And here's an article and video about HTML articles:
http://help.adobe.com/en_US/digitalpubsuite/using/WS67cb9e293e2f1f60530cf39c12f5fcd6d46-80 00.html -
URLs to specific articles in Web Content Viewer
I'm placing the Web Content Viewer on a custom site for free viewing of all articles in the folio. Is it possible to get a URL of individual articles that be links sent to people? So if there is an email blast, can there be a URL that will lead a reader to a certain article in that online folio? Thanks.
Is this the reason (under "Known issues with social sharing / web viewer)? Digital Publishing Suite Help | DPS Bug Fix Release Notes
I'm not using V32 on this folio. -
How create URL for see my folio on the web content viewer ?
Hello,
I try to create URL for see my folio on the web content viewer but nothing Work
i have this informations :
my applicationName
my accountID
my publication Name
and my articleName (even if for this i'm not sure)
All my articles are free, my folio is published...
For information my folio is in PDF format with the resolution 1024x768
Have you one idea why it's doesn't work ?
Thanks for yours answersRather than cobbling together the individual parts of the URL, create a development app with social sharing enabled and at least one article set to free. When you share the article of the published folio, you'll see your web viewer URL.
Maybe you are looking for
-
How to print a report on A3 page instead of A4?
Hi all, I have an RDF report which is printing on A4 size page, but now I wnat to print same report on A3 size page. My question is. Is it possible to change the paper size from A4 to A3 if yes how can i do that. Please guide me. Regards, Roshan
-
External keyboard and mouse not recognized after waking from sleep
This started happening all of a sudden. It was working fine before that. When I disconnect the power cable, keyboard, and then connect them back, its not recognized. To make it recognize the keyboard and mouse, I have to logout and login or restart t
-
Connecting HDR-FX7 camcorder to Macbook Pro help
I have a Sony HDR-FX7 Camcorder. To capture footage it needs an HDV/HV-i.Link cable. The only problem is, (I think) that this doesn't connect to a macbook pro 13inch laptop. So my question is, what cable(s), what adaptor, if i need one, do I need to
-
How to recharge my Z22 without USB-cable?
Hi from Fuerteventura my XP-windows Laptop crashed after 5 years of duty. Now with a Windows7 Computer I can sync by Infrared, OK, but how can I recharge the battery of my Zire Z22? Has anyone an idea? Thanks. Post relates to: Zire This question was
-
MIRO error during invoice posting
Hi, when I post an invoice document with MIRO, the system prompts with the following error: Account type K is not defined for document type RE Message no. F5243 How can I post the invoice ? Best regards