Web Filter Server Type
|
The type of web filter server you are using:
-
None—You are not using web filter servers.
-
Websense—You use Websense servers.
-
Secure Computing SmartFilter/N2H2—You use Smartfilter servers. If you select this option, you can specify the server port
to use for communication in the Port field.
Tip
|
If you change this setting, you are prompted to remove the existing list of servers from the table. Clicking Yes does not clear the table. The prompt is to remind you that the list might contain the wrong type of servers.
|
|
Web Filter Servers table
|
The servers that the device should use for web filtering. Enter the servers in priority order; the device uses the first one
in the list until it fails to respond, and moves to the next server in the list until it gets a response.
If you select None for filter type, this list is ignored.
-
To add a server, click the Add Row button and fill in the Web Filter Server Configuration Dialog Box.
-
To edit a server, select it and click the Edit Row button.
-
To delete a server, select it and click the Delete Row button.
|
IOS Specific Settings
|
Allow Traffic when Servers Unreachable
|
Whether the device should allow web traffic if the web filter servers are not responding. If you do not select this option,
all web access is prevented until the servers come back online.
If you allow web traffic when the servers are down, the web requests are not filtered and access to all web servers is allowed.
|
Enable Alerts
|
Whether to generate stateful packet inspection alert messages on the console.
|
Enable Audit Trail
|
Whether audit trail messages are logged to the syslog server or router.
|
Enable Web Filter Server Logging
|
Whether to send system messages to the URL filtering server for logging. The device sends a log request immediately after
the URL lookup request. The log request contains the URL, hostname, source IP address, and the destination IP address. The
server records the log request into its own log server so you can view this information as necessary.
|
Cache Size
|
The maximum number of destination IP addresses (and their authorization status) that can be cached in the device. The default
value is 5000.
When the cache reaches 80% full, the device starts removing older inactive entries.
|
Maximum Requests
|
The maximum number of outstanding requests that can exist at any given time. If the specified number is exceeded, new requests
are dropped. The default is 1000.
|
Packet Buffer
|
The maximum number of HTTP responses that can be stored in the packet buffer of the device while it waits for the web filter
server to allow or deny the request. The device drops responses when the maximum is reached. The default (and maximum) value
is 200.
When users make web requests, the device simultaneously sends the request to the web site and to the web filtering server.
If the response from the web site is received before the server provides a permit or deny response, the device keeps the request
in the packet buffer until it gets a response from the server.
The response is removed from the buffer when the server responds or if the device determines that the server is unavailable
and you also selected Allow Traffic when Servers Unreachable.
|
PIX/ASA/FWSM Specific Settings
|
Cache Match Criteria
|
How to cache web requests:
-
Source and Destination—Cache entries are based on both the address initiating the request and the destination web address.
Select this mode if users do not share the same filtering policy on the filtering server.
-
Destination—Cache entries are based on the destination web address. Select this mode if all users share the same filtering
policy on the filtering server.
|
URL Buffer Memory
(ASA 7.2+, PIX 7.2+ only.)
|
The size of the URL buffer memory pool in KB. Values are 2 to 10240.
|
Maximum Allowed URL Size
(ASA 7.2+, PIX 7.2+ only.)
|
The maximum allowed URL size in KB for each URL being buffered. The possible values differ depending on server type:
|
Cache Size
|
The size of the cache, in KB, for storing responses from the filtering server. Values are 1 to 128.
Caching stores URL access privileges in memory on the security appliance. When a host requests a connection, the security
appliance first looks in the URL cache for matching access privileges instead of forwarding the request to the Websense server.
|
URL Block Buffer Limit
|
The size of the buffer for storing web server responses while waiting for a filtering decision from the filtering server.
The values are 1 to 128, which specifies the number of 1550-byte blocks.
|