Go to the table of contents Go to the previous page Go to the next page
Integrating Web Security with Cisco > Cisco IOS startup configuration
Cisco IOS startup configuration
Deployment and Installation Center | Web Security Solutions | Version 7.8.x
Before Websense software can filter Internet requests, the Cisco IOS router must be configured to use Filtering Service as a URL filter.
1.
2.
3.
Enter enable and the enable password to put the router into enabled mode.
4.
Enter configure terminal to activate configure mode.
5.
ip urlfilter server vendor websense <ip-address>
[port <port-number>] [timeout <seconds>]
[retransmit <number>]
 
An example of this command is:
ip urlfilter server vendor websense 12.203.9.116 timeout 8 retransmit 6
To define an additional Filtering Service instance as a backup, repeat the command using the IP address of the second Filtering Service machine.
The configuration settings you create in the following steps are always applied to the primary server.
Only one Filtering Service instance (the primary server) is used at a time. If the primary server becomes unavailable, the system goes to the list of configured Filtering Service instances and attempts to activate the first one. If the first server is not available, the system attempts to activate the next one. This continues until an available server is found or the end of the list of configured servers is reached. If all servers are down, the router goes into allow mode.
6.
ip urlfilter urlf-server-log
This setting is disabled by default. When logging is enabled, the Cisco IOS router sends a log request immediately after the URL lookup request.
7.
ip inspect name <inspection–name> http urlfilter
interface <type> <slot/port>
ip inspect <inspection-name> {in|out}
Examples of these commands are:
ip inspect name fw_url http urlfilter
interface FastEthernet 0/0
ip inspect fw_url in
For this sequence to function properly, you must create an inspection rule called fw_url and apply that rule to the inbound interface of the router.
See Cisco documentation for information about creating and applying inspection rules.
To improve performance, Cisco suggests disabling the Java applet scanner. Java applet scanning increases CPU processing load. To disable the Java applet scanner, use the following commands, in sequence:
access-list <num> permit any
ip inspect name <inspection–name> http java-list <num> urlfilter
See Cisco documentation for more information about these commands.
8.
a.
Enter the exit command twice to leave the configure mode.
b.
Enter write memory.
These commands store the configuration settings in the Cisco IOS router's startup configuration so they are not lost if the router is shut down or loses power.
9.
 
For example, ip inspect ? displays the complete syntax for the inspect command, and explains each argument.
10.
no ip urlfilter server vendor websense <ip-address>

Go to the table of contents Go to the previous page Go to the next page
Integrating Web Security with Cisco > Cisco IOS startup configuration
Copyright 2016 Forcepoint LLC. All rights reserved.