CHAPT ER
39-1
Cisco ASA 5500 Series Configuration Guide using the CLI
39
Configuring Filtering Services
This chapter describes how to use filtering services to provide greater control over traffic passing
through the ASA and includes the following sections:
Information About Web Traffic Filtering, page39-1
Configuring ActiveX Filtering, page39-2
Configuring Java Applet Filtering, page39-4
Filtering URLs and FTP Requests with an External Server, page39-6
Monitoring Filtering Statistics, page39-15

Information About Web Traffic Filtering

You can use web traffic filtering in two distinct ways:
Filtering ActiveX objects or Java applets
Filtering with an external filtering server
Instead of blocking access altogether, you can remove specific undesirable objects from web traffic, such
as ActiveX objects or Java applets, that may pose a security threat in certain situations.
You can use web traffic filtering to direct specific traffic to an external filtering server, such an Secure
Computing SmartFilter (formerly N2H 2) or the Websense filtering server. You can enable long URL,
HTTPS, and FTP filtering using either Websense or Secure Computing SmartFilter for web traffic
filtering. Filtering servers can block traffic to specific sites or types of sites, as specified by the security
policy.
Note URL caching will only work if the version of the URL server software from the URL server vendor
supports it.
Because web traffic filtering is CPU-intensive, using an external filtering server ensures that the
throughput of other traffic is not affected. However, depending on the speed of your network and the
capacity of your web traffic filtering server, the time required for the initial connection may be
noticeably slower when filtering traffic with an external filtering server.