21-35
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Content Filtering Maps for Zone-based Firewall Policies
Related Topics
Understanding Map Objects, page 6-72
Configuring Inspection Maps for Zone-based Firewall Policies, page 21-15
Configuring Content Filtering Maps for Zone-based Firewall Policies, page 21-35
Understanding the Zone-based Firewall Rules, page 21-3
Field Reference
Configuring Content Filtering Maps for Zone-based Firewall Policies
When you configure zone-based firewall policies for a router, you can define rules to filter Web content
by choosing Content Filter as the Action for the rule.
To filter Web content, you must configure certain map objects, which you can do from the policy object
selector dialog box while defining the rule, or at any time in the Policy Object Manager window (select
Manage > Policy Objects).
The type of maps required depends on the technique you are using to filter content, and on the Cisco IOS
software version you are using. You can filter content based on URL lists defined locally on the device,
or you can use external filtering servers such as SmartFilter (N2H2), Websense, or Trend Micro.
Tip: If you use an external server, you must have set up and configured the server appropriately based on the
documentation for the type of server you select. If you use Trend Micro servers, you must specify the
server details, and register the product and download certificates, on the Content Filtering tab of the Zone
Based Firewall page (select Firewall > Settings > Zone Based Firewall). See Zone Based Firewall Page,
page 21-49.
The following are requirements for the map objects used with zone-based content filtering:
Table 21-12 Add or Edit Match Condition and Action Dialog Boxes for Zone-Based Firewall Policies

| Element | Description |
| --- | --- |
| Match Type | Indicates that you are selecting a class map. You must define class maps when creating policy maps for zone-based firewall policies. |
| Class Map (P2P, IM, and Web Filter class map types) | The name of the class map for the type of policy map you are creating. Click Select to select the map from a list or to create a new class map object. For P2P, IM, and Web Filter policy maps, you must also select the type of policy map you are creating. For example, in a P2P map you must select between eDonkey, FastTrack, Gnutella, and Kazaa2. In an IM (Zone Based IOS) map, you must select between AOL, MSN Messenger, Yahoo Messenger, Windows Messenger, and ICQ. In a Web Filter map, you must select between Local, N2H2, WebSense, and Trend. |
| Action | The action you want the device to take for traffic that matches the selected class. |