Local Urlfilter

Mettete al sicuro la vostra rete!

Moderatore: Federico.Lagni

Rispondi
moorpheus
Cisco fan
Messaggi: 49
Iscritto il: mer 12 set , 2007 7:44 am

Ciao a tutti,
qualcuno sa se il local urlfilter sugli 877 funziona?
Per la miseria sto impazzendo, non riesco proprio a farlo andare cacchio.

IOS 124-24.T4 e ZBF attivo


SCUSATE ho risolto.

l'inghippo era in una class Type messa dopo un'altra.

A chi interessa la conf funzionante è questa:

parameter-map type urlfpolicy local urlfilter
allow-mode on
block-page message "Vai a lavorare"
parameter-map type urlf-glob facebook
pattern facebook.com
pattern *.facebook.com

parameter-map type urlf-glob sitipermessi
pattern *

!
!
class-map type urlfilter match-any sitipermessi
match server-domain urlf-glob sitipermessi
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type urlfilter match-any socialnetwork
match server-domain urlf-glob facebook
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect urlfilter socialnetwork
class type urlfilter socialnetwork
reset
class type urlfilter sitipermessi
allow
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-protocol-http
inspect
service-policy urlfilter socialnetwork
class class-default
drop
class type inspect sdm-insp-traffic
inspect

policy-map type inspect sdm-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect

In rosso le due class type che avevo invertito.
Rispondi