Filtering Overview - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Applying Filtering Services
This chapter describes ways to filter web traffic to reduce security risks or prevent inappropriate use.
This chapter contains the following sections:
•
•
•
•
•
Filtering Overview
This section describes how filtering can provide greater control over traffic passing through the security
appliance. Filtering can be used in two distinct ways:
•
•
Instead of blocking access altogether, you can remove specific undesirable objects from HTTP traffic,
such as ActiveX objects or Java applets, that may pose a security threat in certain situations.
You can also use URL filtering to direct specific traffic to an external filtering server, such an Secure
Computing SmartFilter (formerly N2H2) or Websense filtering server. Long URL, HTTPS, and FTP
filtering can now be enabled using both Websense and Secure Computing SmartFilter for URL filtering.
Filtering servers can block traffic to specific sites or types of sites, as specified by the security policy.
Because URL filtering is CPU-intensive, using an external filtering server ensures that the throughput of
other traffic is not affected. However, depending on the speed of your network and the capacity of your
URL filtering server, the time required for the initial connection may be noticeably slower when filtering
traffic with an external filtering server.
Filtering ActiveX Objects
This section describes how to apply filtering to remove ActiveX objects from HTTP traffic passing
through the firewall. This section includes the following topics:
•
•
OL-10088-01
Filtering Overview, page 20-1
Filtering ActiveX Objects, page 20-1
Filtering Java Applets, page 20-3
Filtering URLs and FTP Requests with an External Server, page 20-3
Viewing Filtering Statistics and Configuration, page 20-9
Filtering ActiveX objects or Java applets
Filtering with an external filtering server
ActiveX Filtering Overview, page 20-2
Enabling ActiveX Filtering, page 20-2
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
20
20-1
Advertisement
Table of Contents
Troubleshooting
