Web content filtering

Similar Messages

• IOS web content filtering cannot get trend micro filter

  hi, i just wondering how really i can get my router's content filtering connect to trps.trendmicro.com server again. previously it was success to get connect to the server, after i doing some changes on my zone-pair firewall then it cannot connect to the trend micro server anymore.
  sh ip trm subscription status showing that i successfully connected and registerd
  all the installation guide is doing accordingly,then i turn on my debug crypto pli validation and debug ip trm detail, all showing success connection to trendmicro site.
  parameter-map type trend-global <param> are pointing to the trps.trendmicro.com, my class-map and policy-map didn't have any changes since last success connection.
  zone-pair setting also attach with the right policy-map that serve for service-policy urlfilter <name>
  overall, after my zone-pair firewall is UP again, then my web content filtering is gone, while registeration is made..
  anyone have any idea what really happen?
  thanks
  Noel

  Hi Yongkhang,
  I think in order to figure out what is happening, we need to troubleshoot and see the config, data and other show commands.  I'm not sure if you would feel comfortable posting that here.  Therefore, i think its best to open up a case with tac on it so that it can be troubleshot to see why you cant access the trend micro server.
  can you let me know what you mean by when you turn on your ZBF, your web content filtering is gone.  Are you saying, when you turn on zbf, the web content filtering is no longer blocking or allowing sites?
  have you ran the following debugs?
  debug ip urlfilter detail
  debug ip urlfilter event
  debug ip url filter function-trace
  also, what does this show:
  show policy-map type inspect zone-pair urlfilter
  Are you sure you have the class maps in the proper order since its processed sequentially..
  regards,
  scott

• Web Content Filtering on WP8+

  Is there (or will there be) any way to filter web content on WP8+ devices?
  We can disable WiFi and rely on carrier content filtering but would like the option of WiFi if possible.

  This is not something that is offered today through Intune.  However, we will take this as feedback.
  Thanks!
  Paul Goodson - This posting is provided "AS IS" with no warranties and confers no rights.

• Web Content Filtering / Virus Scanning appliance

  Hello all,
  I'm in the market for a content / url / virus scanning device for our network. We are currently using MXLogic's Web Defense service and while it's very cheap it is not suiting our needs. What I'm looking for is an appliance that will do content filtering but also virus / malware / spyware scanning on web traffic. I'd also need to be able to setup policies / groups for different set's of users. For instance the folks who purchase the products we sell need to be able to see our vendors media (streaming video) content while our sales folks don't. I can't currently do this with MXLogic, it's all or nothing.
  Our firewall is an ASA5510 and I've looked at the Content Security SSM-10 module with the plus license and while the pricing is definitely attractive I have a few questions about it. Does it integrate with MS Active Directory? In other words and it filter based on groups and policies or is it more IP / ACL based? Also does it perform well?
  I've also looked at the IronPort product cisco sell's and have similar questions regarding that mainly what are folks experience with it, is it something you would recommend?

  Hi Allen,
  To answer your questions related to the CSC module:
  1. No, the CSC module does not integrate with Active Directory. This is something that Trend Micro has in the works, but as of now there is no ETA for this functionality.
  2. The CSC module will perform fairly well if used in the environment it was designed for. I would recommend taking a look at the CSC sizing guide to see if the CSC-SSM-10 would be something that is scalable enough for your network:
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_paper0900aecd805c3cd6.html
  I cannot speak to the performance/functionality of IronPort as I have not used it personally, but I have heard good things. Also, external appliances from Websense seem to be a popular choice when you need a product that is a bit more scalable or granular than what the CSC module can provide.
  Hope that helps.
  -Mike

• Apple Configurator Web Content Filtering Question

  I manage a few K12 classroom sets of iPods via Apple Configurator and I have a younger classroom that wants to limit web access to a few sites and I have been trying to adjust the profile in Apple Configurator to make this happen but it doesn't work.
  I open the profile and go to the Web Content Filter option and add a payload to only allow specific websites and enter the URLs and apply the updated profile to the supervised device but I can still get anywhere I want in Safari. I have tried this process for an hour now to no avail and can't seem to find anything online.
  The only thing I can think of is that this option to limit to specific sites is only available to iOS 7(?). We own quite a few of the 4th generation iPod Touches that are obviously denied this upgrade and so am looking for any help or validation that this option in Apple Configurator is available only to iOS 7 supervised devices???
  Thanks.

  Here is my answer as per an email from Chris C. a Systems Engineer for Apple Education:
  That was a new feature added with Apple Configurator 1.4 and works with iOS 7 supervised devices. I will research this a bit more to see if there is a way around this to work with iOS 6 devices and will follow up with you shortly.
  I understand that you cannot always support "older" operating systems but am truly frustrated with Apple's lack of support on iOS 6 devices when this is what so many K12 schools will have...

• ASA 5515x and web content filtering

  hi all
  i tried adding a content rule on my asa 5515x, it say i don' t have one configured in configuration/firewall/url filtering.  when i got there, i need to configure either websense or smartfiler.  Are those free or I need to purchase that from those vendor?  My 5515x is security plus, is that included there?
  does asa 5515x have it's own filtering without going to third party vendor?
  thanks for any comment you may add.

  As already mentioned, the MPF has the capability to filter on URLs. But that is quite limited and in my opinion not usable at all (unless you only have a couple of FQDNs to filter that don't change often). If you need more functionality and you want to stay on the ASA you could deploy ASA-CX. Otherwise you could deploy a dedicated proxy and force your users to use that proxy. That could be the best solution in your environment.
  Sent from Cisco Technical Support iPad App

• Web content filtering software??

  Can anybody suggest a good web filtering programme compatible with Safari?
  When my brother in Law wants to use my internet for 'homework' i want to avoid him being able to look up anything to do with Sex, Drugs or Playstation (his grades are getting worse and so is his PS2 addiction.)
  Anybody help??
  Cheers.

  Hello,
  I think WebSense is pretty good, they seems closely integrated with Cisco:
  http://www.websense.com/global/en/
  Also, check this link for a review of 10 different filter applications:
  Internet Filter Review
  http://internet-filter-review.toptenreviews.com/?ttreng=1&ttrkey=internet+filter
  Regards,
  GP

• URL / Web content filter

  hello all!  We are currently looking to replace our PIX 515e's with something newer.  The hang up is we want to look at something else besides Websense for our URL / Web Content filtering specifically because of price on renewal's.  We do not currently have IDS / IPS in place unless you count the Websense as doing that (maybe just a little bit?) and it would be nice to add that capability.  I've had experience with the Palo Alto box as a UTM in the past however we want to stick with Cisco where I'm at presently.  So what we're looking at is the new ASA 5515-X or 5525-X (HA pair) with IPS plus something else for the web filtering side (besides Websense).  We're getting quotes on the IronPort S160 however my guess is it's going to be just as pricy as Websense, probably the same for Scan Safe.  Right now we're at about 300 users but are looking to double that in the next year.  What are some other good solutions out there?  Easey to manage would be nice, less expensive would be nice, effective would be nice.  Can we get that all together?

  Don't know about traffic from multiple networks.  Offhand, I can't think of why this would be a problem for squid itself, other than it may complicate the config a little bit -- but it may not.  I did a quick Google and didn't see anything that indicated it may be a problem, but I probably didn't click as many links as you did
  Squid is just one option.  The disadvantage of squid compared to a paid-for service, in my opinion, is that you either have to get lists from somewhere or manually create your own block and allow lists.  Because of that, I use a combination of OpenDNS to block the obvious like porn, and then I use squid for more granular control like managament can view job searching sites, but other users cannot.
  With squid, you have so many options though.  For example, you could setup a scheduled task to download current lists from your source of choice and apply them to squid ACLs.
  I am a much smaller shop though, so this works for me.  300-600 users changes things up a little depending on what you want to accomplish.

• ASA CX content filtering, looking for suggestions

  I wanted to get some feedback on how the rest of you security folks are doing web content filtering.
  The CX does a great job with HTTP but when it comes to HTTPS it leaves a lot to be desire. When the CX first went live, it was configured to decrypt all HTTPS traffic and Deny transactions to servers "Using an untrusted certificate" and "If the secure session handshake fails" turned on.
  Immediately I started to implement the "Do not decrypt" policy and it worked great for most websites experiencing HTTPS decryption issues. Other websites required that HTTPS certificate be imported to the CX for it to work.
  However, due to the constant "error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext" I experimented with different work a rounds till I found these articles.
  http://www.exploresecurity.com/the-small-print-for-openssl-legacy_renegotiation/
  https://www.digicert.com/news/2011-06-03-ssl-renego.htm
  TAC's suggestion was to create a deny statement (using an object group that defines the FQDN) at the top of the ACL that send the traffic from the ASA to the CX. This was the only way to keep the CX deny "Using an untrusted certificate" and "If the secure session handshake fails" decryption settings turned on.
  Now I feel I am back at square one as the number of exceptions have grown exponentially. This has led me to believe that I need to revisit the way that content filtering is being implemented. My goal is to apply a simple yet scalable solution. As I see it, I can continue to add to the "ASA to CX" exemption list, this is not a scalable solution as it requires all FQDN to be defined (ex. bank.com, server1.bank.com, server2.bank.com, etc). The alternative is to relax the CX decryption configurations which I feel is the equivalent of removing a car's airbags for weight reduction to make it faster.
  Any input would be appreciated!

  I've come to the conclusion that SSL decryption is only possible where a robust PKI has been deployed in an enterprise. Even then we would ideally use a dedicated SSL decryption appliance so we can hand the CX (or ASA with FirePOWER service module) plain old http for inspection.
  The software modules just don't have the processing power to be able to do line rate decryption for any but the most modest throughput rates.
  Also, the CX is being deprecated going forward in favor of the FirePOWER modules so you won't see any significant new feature addressing this shortcoming on the CX.

• Internet Content Filtering

  Hello; I am looking at Purchasing a BB Curve from Verizon Wireless (all of our phones are with them now).
  I need to figure out how to set-up Internet (WEB) content filtering without using BES.  We are not setup with Microsoft exchange server etc.  I will be the only employee with a Blackberry.
  Can this be done without using BES?  I have searched HIGH and LOW and have found NOTHING that tells me if this can be acheived and how.
  Verizon Wireless offers Web Content filtering but of course NOT for BBs.
  HELP!!
  Solved!
  Go to Solution.

  Hi and welcome to the forums,
  I was unable to come up with any content filtering for a BIS device as well.
  They are all designed for BES.
  Sorry!
  If this answers your question please resolve the thread by using the options over the kudo's star.
  If you need more assistance please let us know!
  Thanks!
  Click Accept as Solution for posts that have solved your issue(s)!
  Be sure to click Like! for those who have helped you.
  Install BlackBerry Protect it's a free application designed to help find your lost BlackBerry smartphone, and keep the information on it secure.

• Hyperlinks not working correctly when converting word doc to Web Page, Filtered

  I have created a word document (MS Word 2013) with Table of Contents and their links to particular sections and all the hyperlinks works fine in the word document. But when I convert this document into Web Page, Filtered then after a specific point
  the hyperlinks not pointing to their respective sections instead they are pointed to the end of the page.
  I have checked the page source of the HTML document and found that the table of contents have hyper links but the respective sections doesn't have the hyper link code and hence click on the a section didn't find the that section and go to the end
  of the document.
  I have tried to convert into PDF and hyperlinks worked fine.
  Please advise me how to resolve this issue.
  Thanks in advance
  Deepak

  Hi Deepak,
  I'm marking the reply as answer as there has been no update for a couple of days.
  If you come back to find it doesn't work for you, please reply to us and unmark the answer.
  Best Regards,
  Steve Fan
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here

• DHCP reservation & DNS for content filtering

  Hi All,
  I am working around with server 2008 for quite a while and facing a problem as below,
  1.DHCP reservation error
  Server Ip:192.168.0.254 (configured as DNS server for local use only with AD & DHCP)
  DHCP scope: 192.168.0.100 to 192.168.0.200 excluded 192.168.0.100 to 192.168.0.110
  earlier the same scope was 192.168.0.10 to 192.168.0.100. I was facing a error when I make a IP reservation against a MAC number error was " The unique identifier may not be correct do you want to use the identifier anyway" when I click yes "DHCP
  server received a message from a client that is not valid" and by this error I am not able to make any reservations now against MAC numbers.
  The same error was also on the earlier scope and that's why changed to a new scope but did not work. Any solutions will me much appreciated
  2.DNS fine tuning. 
  I have an open DNS account on which my WAN IP number is configured to do a content filtering. I have two LAN ports with the below IP number
  Local : 192.168.0.254 ( configured with no gateway and DNS as loopback (127.0.0.1)
  ISP: 192.168.0.253 (with ISP gateway and DNS as loop back adapter & open DNS)
  I have did a content filtering and things are working fine. But I got to open up some machines out of this content filtering and when I try to give the IP number in this below fashion.
  192.168.0.115
  255.255.255.0
  192.168.0.1
  DNS
  192.168.0.254
  ISP DNS to avoid filtering
  I find that 192.168.0.254 does the resolving and things are still filtered as per the schedule. Is there a way where we can configure 192.168.0.254 (Local DNS server) to stop resolving web requests and only cater to resolving local names for connectivity.
  I do know its too long but solutions for the same will be help me out to solve it. Thanks in advance.
  Regards,
  Vaschell

  Hello,
  I have found something strange on the DHCP reservation. When I try to add a MAC number out of the network its able to make out a reservation.
  Is there any way to clear the MAC number cache or something else which I can try.
  A copy of the ipconfig /all for the server is below,
  C:\Users\Administrator>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : server
     Primary Dns Suffix  . . . . . . . : xyzabc.com
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : Yes
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : xyzabc.com
  Ethernet adapter LOCAL:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
  #2
     Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DC
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.0.254(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . :
     DNS Servers . . . . . . . . . . . : 127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter ISP:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
     Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DB
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.0.253(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.0.1
     DNS Servers . . . . . . . . . . . : 127.0.0.1
                                         208.67.222.222
                                         208.67.220.220
     NetBIOS over Tcpip. . . . . . . . : Enabled
  PPP adapter RAS (Dial In) Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : RAS (Dial In) Interface
     Physical Address. . . . . . . . . :
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.0.205(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.255
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter Local Area Connection* 8:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{0602F6CF-4B32-491F-994A-3C0952D
  B54}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 9:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : isatap.{6A14710B-A078-4AF9-BD7A-989767F
  377}
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 11:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 02-00-54-55-4E-01
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 12:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  C:\Users\Administrator>
  Thanks,
  Vaschell

• Cisco Content Engine for Content Filtering

  Hi All,
  I am looking for a low end solution for Content Filtering and would like to use Cisco Content Engine.
  1. The documentation said that Websense, Secure Computing SmartFilter (does not require separate SmartFilter) & N2H2 support is there on the CE. I used configurator on CE 510, but it did not give me option for any of those. I would appreciate any input in this regard.
  2. Also, I assume that once I get a Content Engine, I don't need to use Microsoft Proxy any more, please confirm.
  regards,
  Ahmer Ghazi

  You would have to Install the Smartfilter software on the Content engine that would work with the ACNS software running on the CE. SmartFilter software operates inside your network to control user access to external Internet resources and allows you to restrict access to World Wide Web pages, newsgroups, and FTP sites.
  For more details refer:
  http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns41/smrtfltr/sf_chap1.htm
  The Content Engine does the job of storing content locally and serving it to the users, so you would not need to use the Microsoft Proxy.

• How can I achieve IOS content filtering using a Cisco router

  Good day Everybody.
  I would like to set up content filtering using IOS on my Cisco router. I already know how to do URL filtering but I want to restrict access to sites based on categories.
  Is this possible without having to introduce an external device?

  Natively in IOS this is not possible. However you can configure CWS (Cisco Web Security). The router will forward web requests to a cloud based web security service.
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps11720/data_sheet_c78-729637.html

• How can create webi content link in BI Workspace?

  Dear Expert,
  I'm facing problem with creating 2 webis content link in BI Workspace.
  I tried to follow this Creating a BI Workspace in BI4 Feature Pack 3.
  But I can not find "PARAMETER_OUT".
  Please help me to how can I create "PARAMETER_OUT" to connect with "PARAMETER_IN".
  Best regards,
  Chenna Yon

  I have created a "Scope Resource Filter"
  Knowledge Management --> Content-Management --> Global Services --> Resource Filters --> Scope Resource Filter
  "URL (Content Link) Mode (Documents/Web-Pages Only): *" <<exclude>>
  I have created a new crawler which uses this filter and re-indexed my content, but without success.
  I guess this is the right way, but It seems that I have forgot something...
  I would appreciate any help
  Thank you and best regards
  Khaled el Taki / Cologne, Germany