Cisco routers implement Web content filtering

It is basic for enterprises to restrict employees' WEB browsing content. How should we do this? This article provides detailed answers on URL filtering, router filtering settings, and IOS settings.

To protect enterprise networks and end users from malicious or undesirable web content intrusion, we can use subscription-based Cisco IOS content filtering. This is the first time Cisco has incorporated the services provided by third-party companies such as SmartFilter (former N2H2 company) and Websense into IOS 12.2 (15) T. In IOS12.4 (15) XZ and 12.4 (20) T this year, Cisco IOS added Trend Micro (Trend) to its URL filtering service.

If you want to use the above features, make sure that our router IOS supports this feature. With Cisco IOS Feature Navigator, we can verify that the software image used supports this Feature.

Of course, in addition to the appropriate IOS images, we must register services with these third-party companies to obtain their URL filtering services. Based on the Trend Micro wizard, we can register a Router to obtain the Trend Router Provisioning Server (TRPS ). For more information, see Prerequisites for Cisco subscribe-based IOS Content Filtering.

Why does it rely on URL filtering?

As a network administrator, we certainly do not want to spend a lot of time focusing on the Network Content browsed by users. The Internet filter service is a convenient function for this situation. In the past, when I deployed the Web page filtering service, I always liked to say to users who complained: "This is a Web filtering service, saying that your website is not allowed to be accessed. "

By deploying URL filtering, we can use services of third-party companies to filter malicious or inappropriate Internet traffic from end users. In addition to simply enabling or disabling the filter function, we can also open the content or site for specific websites and users.

The end user's URL request is associated with the Trend Router Provisioning Server (TRPS) to allow or deny user access based on our preset policies. When you type a URL, the Service performs a query based on the policy. If the policy permits, the user can continue to access the website. If the policy does not permit, the user will be blocked from accessing the URL.

Cisco filter options

Whitelist: (trust domain name list) allows you to set a specific domain name through a vro, such as www.techrepublic.com

Blacklist: (non-trusted domain name list) specifies a specific domain name and cannot pass through the router. The setting information is displayed

By the server for later check. For example, www.badsite.com

Blocking Keyword: Set the URL string or keyword used for filtering, such as * www. parrot. * or * rockbaby *. In this way, once "rockbaby," appears in the URL, the router will block access without passing through the TRPS server. Cache recent requests: This function saves the processing policies of recent access requests. Therefore, there is no need to let the user pass the TRPS process every time a request is sent.

Group Buffer: This function allows you to store URL information while waiting for the query process to complete. This is a powerful function that can prevent router overload caused by excessive HTTP requests. The default Response count is 200, but can be modified. This function also applies to third-party filter servers Websense and SmartFilter.

How do I configure Cisco IOS URL filtering?

To configure Cisco ios url filtering, we need to have a deep understanding of firewall rules and URL filtering principles. After we register with Trend Micro's filter system, follow these steps to set the Trend Micro URL filter service in Cisco IOS:

Configure Class Maps for local URL filtering

Configure Class Maps for Trend Micro URL filtering

Configure Parameter Maps for Trend Micro URL filtering

Configure a URL Filter Policy

Additional URL Filter Policy

For the IOS commands and configuration examples required to configure third-party URL Filtering, refer to the Cisco's subscribe-based IOS Content Filtering webpage.

Summary

By using the Cisco IOS filter to filter URLs, we can easily block malicious websites out of the enterprise network. For various types of enterprises, in order to protect their network security and maintain their work efficiency, the demand for Web content filtering is growing.