21-46
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Content Filtering Maps for Zone-based Firewall Policies
Configuring Web Filter Maps
Use the Add and Edit Web Filter Map dialog boxes to define the parameters and match criterion and
values for an inspection map used in a zone-based firewall policy for a router.
If you configure the action of a zone-based firewall policy rule as Content Filter, you can select a Web
Filter policy map to define web filtering parameters and match criteria. You can select Web Filter policy
maps only for routers running Cisco IOS Software release 12.4(20)T and higher. If you are configuring
zone-based firewalls for routers running Cisco IOS Software release 12.4(6)T up to 12.4(20)T, you must
configure a URL Filter parameter map instead of a Web Filter policy map. For more information, see
Configuring URL Filter Parameter Maps, page 21-42.
You can configure a mix of local and server-based web filtering. To do this, you should select a parameter
map appropriate for the type of server you are using, and for the match criteria, an appropriate mix of
local and server class maps. Do not mix class and parameter maps for different types of servers.
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Web Filter > Web Filter from the
Object Type selector. Right-click inside the table and select New Object or right-click a row and select
Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Content Filtering Maps for Zone-based Firewall Policies, page21-35
Understanding the Zone-based Firewall Rules, page 21-3
Value The server domains or keywords for the URLs you are targeting. Enter
only one type of glob: either all server domains, or all URL keywords,
but not a mixture of both.
If you include more than one entry, separate the entries with new lines.
For example, the following entries identify all government or education
web servers:
*.gov
*.edu
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.
Table21-18 Add or Edit URLF Glob Parameter Map Dialog Boxes (Continued)
Element Description