Hi all As per the following snippet, http inspection is required for filtering.
Snippet from http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/inspect.html#wp1335632 Use the HTTP inspection engine to protect against specific attacks and other threats that may be associated with HTTP traffic. HTTP inspection performs several functions: •Enhanced HTTP inspection •URL screening through N2H2 or Websense •Java and ActiveX filtering The latter two features are configured in conjunction with the *filter*command. I configured a dummy non existent url-server and configured the following rule. Hence any http request will be dropped as there is no "allow" configured along with the following rule. My http request gets denied across the ASA but I didn't enable http inspection. filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 My default, http inspection is not configured under policy-map global_policy. If there is a task asked to configure for filtering, should we enable http inspection or not? With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
