Filter
Top Products
21-43
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Content Filtering Maps for Zone-based Firewall Policies
Whitelisted and Blacklisted
Domains tables
These tables define the domain names for which the software will not
contact the external URL filtering server. Domain names on the
whitelist are always allowed. Domain names on the blacklist are always
blocked. Use these lists to identify entire domains that you want to
allow without restriction (such as your company’s web site) or block
completely (such as pornography sites).
Domain names can be complete (including the host name, such as
www.cisco.com), or partial (such as cisco.com). For partial names, all
web site hosts on that domain are either permitted or denied. You can
also enter host IP addresses.
• To add a domain name, click the Add button and fill in the Add
Server dialog box (see Add or Edit URL Domain Name Dialog Box
for URL Filter Parameters, page 21-44).
• To edit a domain name, select it and click the Edit button.
• To delete a domain name, select it and click the Delete button.
Enable Alert Whether to generate stateful packet inspection alert messages on the
console.
Enable Audit Trail Whether to log URL information to the syslog server or router.
Enable Allow Mode Whether to allow or block URL requests when the URL filtering
process does not have connectivity to a URL filtering database. When
allow-mode is on, all unmatched URL requests are allowed; when off,
all unmatched URL requests are blocked.
External Filtering Tab
The fields on this tab define the properties for an external URL filtering server.
Server Type
Server Table
The type of external URL filtering server you are configuring, either
SmartFilter (N2H2) or Websense.
• To add servers, click the Add button and fill in the Add External
Filter dialog box (see Add or Edit External Filter Dialog Box,
page 21-40).
• To edit a server, select it and click the Edit button.
• To delete a server, select it and click the Delete button.
Source Interface The interface whose IP address should be used as the source IP address
when a TCP connection is established between the system and the URL
filtering server.
Maximum Cache Entries The maximum number of entries to store in the categorization cache.
The default is 5000.
Maximum Requests The maximum number of pending requests. The range is from 1 to
2147483647. The default is 1000.
Maximum Responses The maximum number of HTTP responses that can be buffered. The
range is from 0 and 20000. The default is 200.
Table 21-17 Add or Edit URL Filter Parameter Map Dialog Boxes (Continued)
Element Description