Buffering Replies - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 14
Filtering HTTP, HTTPS, or FTP Requests Using an External Server
For example, to identify redundant Sentian servers, enter:
FWSM/contexta(config)# url-server (perimeter) vendor n2h2 host 10.0.1.1
FWSM/contexta(config)# url-server (perimeter) vendor n2h2 host 10.0.1.2

Buffering Replies

By default, when a user issues a request to connect to a website or FTP server, the FWSM sends the
request to the web/FTP server and to the filtering server at the same time. If the filtering server does not
respond before the web/FTP server, the reply from the web/FTP server is dropped.
To avoid dropping traffic, you can configure the FWSM to buffer replies from web and FTP servers.
When the filtering server eventually responds, the FWSM can allow the connection.
To enable buffering, enter the following command:
FWSM/contexta(config)# url-block block block-buffer-limit
The block-buffer-limit argument sets the amount of memory assigned to the buffer, from 0 to 128 blocks.
Each block is 1550 bytes.
OL-6392-01
timeout seconds—The number of seconds between 10 and 120 before the FWSM stops trying
to connect to the server, and attempts to connect to the next server in the list (if available). The
default is 30 seconds.
protocol tcp [version {1 | 4}]—Specifies that communication between the FWSM and the
Websense server uses TCP, which is the default protocol. We recommend version 4, although
version 1 is the default. Version 4 allows the FWSM to send authenticated usernames to the
Websense server and to support URL caching.
protocol udp—Specifies UDP, which has greater throughput, but which does not support long
URLs.
To identify an N2H2 Sentian server, enter the following command:
FWSM/contexta(config)# url-server (if_name) vendor n2h2 host ip_address [port number]
[timeout <seconds>] [protocol {tcp | udp}]
See the following options:
(if_name)—The interface through which the FWSM communicates with the server.
ip_address—The N2H2 server IP address.
port number—The port used to communicate with the N2H2 server. The default is 4005 for
TCP or UDP. Change this value if you change the port on the N2H2 server.
timeout seconds—The number of seconds between 10 and 120 before the FWSM stops trying
to connect to the server, and attempts to connect to the next server in the list (if available). The
default is 30 seconds.
protocol {tcp | udp}—Specifies the protocol used for communication between the FWSM and
the N2H2 server. TCP is the default protocol, and is recommended.
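
An offline check of the settings described above, written in Python as an added example (not from the Cisco guide): it validates N2H2 url-server and url-block block lines against the ranges and recommendations stated on this page. The function name, the sample configuration, and the treatment of a limit of 0 as buffering disabled are assumptions.

```python
import re

BLOCK_BYTES = 1550  # size of one buffer block, as stated in the guide

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
url-server (perimeter) vendor n2h2 host 10.0.1.1 port 4005 timeout 5 protocol udp
url-server (perimeter) vendor n2h2 host 10.0.1.2
"""

SERVER_RE = re.compile(
    r"^url-server \((?P<ifc>\S+)\) vendor n2h2 host (?P<host>\S+)"
    r"(?: port (?P<port>\d+))?(?: timeout (?P<timeout>\d+))?"
    r"(?: protocol (?P<proto>tcp|udp))?\s*$", re.I)
BLOCK_RE = re.compile(r"^url-block block (?P<n>\d+)\s*$", re.I)


def audit_url_filtering(config):
    """Return (findings, buffer_bytes) for the N2H2 filtering lines in config."""
    findings, servers, blocks = [], [], None
    for raw in config.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())  # drop CLI prompt
        m = SERVER_RE.match(line)
        if m:
            servers.append(m["host"])
            timeout = int(m["timeout"] or 30)  # default is 30 seconds
            if not 10 <= timeout <= 120:
                findings.append(f"{m['host']}: timeout {timeout} outside 10-120")
            if (m["proto"] or "tcp").lower() == "udp":  # TCP is recommended
                findings.append(f"{m['host']}: protocol udp, tcp is recommended")
            continue
        m = BLOCK_RE.match(line)
        if m:
            blocks = int(m["n"])
            if blocks > 128:
                findings.append(f"url-block block {blocks} outside 0-128")
    if len(servers) == 1:
        findings.append("single url-server: no next server to fail over to")
    if servers and not blocks:  # assumption: a limit of 0 means no buffering
        findings.append("reply buffering off: replies that beat the filter are dropped")
    return findings, (blocks or 0) * BLOCK_BYTES


if __name__ == "__main__":
    for finding in audit_url_filtering(SAMPLE)[0]:
        print(finding)
```
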
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Configuring General Filtering Parameters