14-3
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 14 Filtering HTTP, HTTPS, or FTP Requests Using an External Server
Configuring General Filtering Parameters
– timeout seconds—The number of seconds between 10 and 120 before the FWSM stops trying to connect to the server, and attempts to connect to the next server in the list (if available). The default is 30 seconds.
– protocol tcp [version {1 | 4}]—Specifies that communication between the FWSM and the Websense server uses TCP, which is the default protocol. We recommend version 4, although version 1 is the default. Version 4 allows the FWSM to send authenticated usernames to the Websense server and to support URL caching.
– protocol udp—Specifies UDP, which has greater throughput, but which does not support long URLs.
• To identify an N2H2 Sentian server, enter the following command:
FWSM/contexta(config)# url-server (if_name) vendor n2h2 host ip_address [port number] [timeout <seconds>] [protocol {tcp | udp}]
See the following options:
– (if_name)—The interface through which the FWSM communicates with the server.
– ip_address—The N2H2 server IP address.
– port number—The port used to communicate with the N2H2 server. The default is 4005 for TCP or UDP. Change this value if you change the port on the N2H2 server.
– timeout seconds—The number of seconds between 10 and 120 before the FWSM stops trying to connect to the server, and attempts to connect to the next server in the list (if available). The default is 30 seconds.
– protocol {tcp | udp}—Specifies the protocol used for communication between the FWSM and the N2H2 server. TCP is the default protocol, and is recommended.
For example, to identify redundant Sentian servers, enter:
FWSM/contexta(config)# url-server (perimeter) vendor n2h2 host 10.0.1.1
FWSM/contexta(config)# url-server (perimeter) vendor n2h2 host 10.0.1.2
Buffering Replies
By default, when a user issues a request to connect to a website or FTP server, the FWSM sends the
request to the web/FTP server and to the filtering server at the same time. If the filtering server does not
respond before the web/FTP server, the reply from the web/FTP server is dropped.
To avoid dropping traffic, you can configure the FWSM to buffer replies from web and FTP servers.
When the filtering server eventually responds, the FWSM can allow the connection.
To enable buffering, enter the following command:
FWSM/contexta(config)# url-block block block-buffer-limit
The block-buffer-limit sets the amount of memory assigned to the buffer from 0 to 128 blocks. Each
block is 1550 bytes.
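The recommendations in this section (TCP rather than UDP, Websense protocol version 4, a timeout within 10 to 120 seconds, and reply buffering enabled with a block count within 0 to 128) are easy to lose track of across several contexts. The following added example, which is not part of the Cisco guide and not an FWSM feature, is a small Python audit that parses the url-server and url-block lines from a saved configuration and reports settings that depart from those recommendations. The two configuration snippets are constructed for the example; the parser only understands the command forms documented on this page (the Websense variant is assumed to carry the version keyword after protocol tcp, as described in the options above).

```python
import re

# Constructed sample configurations (not taken from any real device).
SAMPLE_CONFIG_N2H2 = """\
url-server (perimeter) vendor n2h2 host 10.0.1.1 port 4005 timeout 30 protocol udp
url-server (perimeter) vendor n2h2 host 10.0.1.2 timeout 200 protocol tcp
"""

SAMPLE_CONFIG_WEBSENSE = """\
url-server (inside) vendor websense host 10.0.2.5 timeout 30 protocol tcp version 1
url-block block 128
"""

URL_SERVER_RE = re.compile(
    r"^url-server\s+\((?P<if>[^)]+)\)\s+vendor\s+(?P<vendor>websense|n2h2)"
    r"\s+host\s+(?P<host>\S+)(?P<rest>.*)$"
)
URL_BLOCK_RE = re.compile(r"^url-block\s+block\s+(?P<limit>\d+)$")


def parse_url_server(line):
    """Parse one url-server line into a dict, filling in the documented defaults.

    Returns None when the line is not a url-server command.
    """
    m = URL_SERVER_RE.match(line.strip())
    if not m:
        return None
    entry = {
        "if_name": m.group("if"),
        "vendor": m.group("vendor"),
        "host": m.group("host"),
        "port": None,
        "timeout": 30,      # documented default
        "protocol": "tcp",  # documented default for both vendors
        "version": None,
    }
    rest = m.group("rest").split()
    i = 0
    while i < len(rest):
        tok, nxt = rest[i], rest[i + 1] if i + 1 < len(rest) else None
        if tok in ("port", "timeout", "version") and nxt is not None:
            entry[tok] = int(nxt)
            i += 2
        elif tok == "protocol" and nxt is not None:
            entry["protocol"] = nxt.lower()
            i += 2
        else:
            i += 1
    if entry["vendor"] == "n2h2" and entry["port"] is None:
        entry["port"] = 4005  # documented N2H2 default for TCP or UDP
    if entry["vendor"] == "websense" and entry["protocol"] == "tcp" and entry["version"] is None:
        entry["version"] = 1  # documented default when version is omitted
    return entry


def audit_filter_config(config_text):
    """Return a list of findings for url-server / url-block settings in config_text."""
    findings = []
    servers = []
    buffer_limit = None
    for line in config_text.splitlines():
        entry = parse_url_server(line)
        if entry:
            servers.append(entry)
            continue
        m = URL_BLOCK_RE.match(line.strip())
        if m:
            buffer_limit = int(m.group("limit"))

    for e in servers:
        where = f"{e['vendor']} {e['host']} ({e['if_name']})"
        if e["protocol"] == "udp":
            findings.append(f"{where}: protocol udp does not support long URLs; TCP is recommended")
        if e["vendor"] == "websense" and e["protocol"] == "tcp" and e["version"] != 4:
            findings.append(f"{where}: Websense TCP version {e['version']}; version 4 is recommended")
        if not 10 <= e["timeout"] <= 120:
            findings.append(f"{where}: timeout {e['timeout']} is outside the valid 10-120 second range")

    if not servers:
        findings.append("no url-server configured")
    if buffer_limit is None:
        findings.append("no 'url-block block' configured: web/FTP replies that arrive before "
                        "the filtering server's verdict are dropped")
    elif not 0 <= buffer_limit <= 128:
        findings.append(f"url-block block {buffer_limit} is outside the valid 0-128 block range")
    elif buffer_limit == 0:
        findings.append("url-block block 0 assigns no buffer memory")
    return findings


if __name__ == "__main__":
    for name, cfg in (("n2h2", SAMPLE_CONFIG_N2H2), ("websense", SAMPLE_CONFIG_WEBSENSE)):
        print(f"--- {name} ---")
        for finding in audit_filter_config(cfg):
            print(finding)
```

Feed the script the output of a saved configuration for each context; a clean result is an empty findings list. The parser deliberately tolerates keyword order, since the keywords are optional and may be entered in any sequence the CLI accepts.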