That CLI is part of the ZFW structure which is available in 12.4(20)T. In 12.4(15)T, the only thing you need to configure for URL filter is *parameter-map type urlfilter *and this parameter map should be configured under a class match matching http traffic.
The parameter map can be configured for websense or N2H2 and with other parameters. If you need to configure urlfilter on 12.4(15), nothing else is required other than the following commands. parameter-map type urlfilter king server vendor websense 10.20.30.40 class-map type inspect httptraff match protocol http policy-map type inspect insp class httptraff inspect urlfilter king With regards Kings On Sun, Nov 14, 2010 at 12:33 AM, Pemasiri Devanarayana <[email protected]>wrote: > Hi Kings, > > I'm having 12.4(15)T on my lab, I even cant use ' class-map type urlfilter > websense' command for configuring URL filter (Websence on Zone based FW > section for Lab) > > R6(config)#class-map type urlfilter websense match-any websense-class > ^ > % Invalid input detected at '^' marker. > > R6(config)#class-map type ? > access-control access-control specific class-map > control Configure a control policy class-map > inspect Configure CBAC Class Map > logging Class map for control-plane packet logging > port-filter Class map for port filter > queue-threshold Class map for queue threshold > stack class-map for protocol header stack specification > > R6(config)#do sh ver > Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version > 12.4(15)T12, RELEASE SOFTWARE (fc3) > Technical Support: http://www.cisco.com/techsupport > Copyright (c) 1986-2010 by Cisco Systems, Inc. > Compiled Fri 22-Jan-10 02:04 by prod_rel_team > > ROM: System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1) > > R6 uptime is 2 weeks, 8 hours, 8 minutes > System returned to ROM by reload at 10:48:52 UTC Fri Oct 29 2010 > System image file is "flash:c2800nm-adventerprisek9-mz.124-15.T12.bin" > > What will be an alternative method here for configuring class-map type > urlfilter..? > > > http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_zone_polcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1121063 > > Regards, > > On Fri, Nov 12, 2010 at 9:08 AM, Kingsley Charles < > [email protected]> wrote: > >> Yusuf has responded to the same question I posted on CLN. He confirmed >> that 12.4(15)T is the IOS version that will be in the lab >> >> https://learningnetwork.cisco.com/message/62581#62581 >> >> >> With regards >> Kings >> >> >> On Fri, Nov 12, 2010 at 9:42 AM, Eugene Pefti <[email protected]>wrote: >> >>> And more over, when I try to install 12.4(15)T on the router Cisco’s >>> Advisory software notice says that this particular release is affected by a >>> lot of serious software issues giving quite a list of documented bugs. >>> >>> I just want to make sure that we are not affected by any of these bugs on >>> the real lab exam ;)) >>> >>> >>> >>> Eugene >>> >>> >>> >>> *From:* Eugene Pefti [mailto:[email protected]] >>> *Sent:* Wednesday, November 10, 2010 10:17 PM >>> *To:* 'Kingsley Charles' >>> *Cc:* [email protected] >>> *Subject:* RE: [OSL | CCIE_Security] parameter-map type urlfilter >>> >>> >>> >>> You are dead right, Kings as usual ;) >>> >>> I do run on of the latest releases of 12.4 code. Sometimes it is very >>> frustrating to understand that I never know everything for the lab exam. >>> It’s just impossible to retain everything. >>> >>> >>> >>> Eugene >>> >>> >>> >>> *From:* Kingsley Charles [mailto:[email protected]] >>> *Sent:* Wednesday, November 10, 2010 9:29 PM >>> *To:* Eugene Pefti >>> *Subject:* Re: [OSL | CCIE_Security] parameter-map type urlfilter >>> >>> >>> >>> The “parameter-map type urlfilter" can be found in 12.15(T) after which >>> the ZFW options has changed a bit with the support of Trend Based URL >>> filter servers. >>> >>> The CCIE lab is based on 12.4(15)T. >>> >>> I guess, you are using 12.4(20) or above. >>> >>> With regards >>> Kings >>> >>> On Thu, Nov 11, 2010 at 5:25 AM, Eugene Pefti <[email protected]> >>> wrote: >>> >>> And I don’t know if the “parameter-map type urlfilter NAME” is the right >>> command. >>> >>> I tried it against two images, advsecurity and adventerprise and none of >>> them allows “urlfilter” after the type of parameter map. >>> >>> Acceptable options are urlfpolicy and urlf-glob which are essentially >>> good and quite usable for local URL filtering applications. >>> >>> I configured a bunch of the clients routers with ZBF using parameter maps >>> to do local URL filtering for a number of social networking sites >>> >>> >>> >>> Eugene >>> >>> >>> >>> *From:* [email protected] [mailto: >>> [email protected]] *On Behalf Of *Mark Senteza >>> *Sent:* Tuesday, November 09, 2010 7:59 PM >>> *To:* [email protected] >>> *Subject:* [OSL | CCIE_Security] parameter-map type urlfilter >>> >>> >>> >>> Hey all, >>> >>> I'd like some clarification on the "exclusive-domain" command under the >>> parameter-map type urlfilter command. My understanding is that the >>> exclusive-domain list is a list of domains that are excluded from lookup >>> requests being sent to the URL filter server for. I hope thus far I am >>> correct. >>> >>> My confusion is with the "deny" or "permit" statement. Does the deny >>> statement mean dont bother sending a request to the URL filter server and >>> just deny all traffic sent to the specified domain ? And does the "permit" >>> mean dont bother sending a request to the URL filter server and proceed to >>> permit all traffic sent to the specified domain? >>> >>> Unfortunately, I dont have a Websense server to test this, so I was >>> hoping somebody could enlighten me on this. >>> >>> If the configuration below was used, for example, what would it do: >>> >>> parameter-map type urlfilter URLFILTER-PARAMAP >>> server-vendor websense 192.168.90.90 >>> exclusive-domain deny example.com >>> >>> Thanks again >>> >>> Mark >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
