1

Application Note
Web URL/Content Filtering on the Cisco ISA500 Security
This application note provides information on how to configure the Cisco ISA500
Security Appliance so that you can filter URLs. For example, you can block
websites that Web URL Filtering usually allows, or allow the websites that Web
URL Filtering usually blocks.
NOTE The Cisco ISA500 has two services to perform URL and Content filtering: Firewall
Content Filtering or a subscription-based Web URL Filtering (Security Services).
Only one of these services can be active at a time. This application note describes
how to perform URL and Content Filtering with Security Services.
The first step to filter a URL is to configure a policy profile. After a policy profile has
been configured, you use the Policy to Zone Mapping page to apply the Web URL
Filtering policy profile to each zone.
Configuring a Policy Profile
The policy profile allows you to identify a web site that you want to block or allow.
NOTE Up to 16 Web URL Filtering policy profiles can be configured on the security
appliance.
STEP 1 Click Security Services > Web URL Filtering > Policy Profile. The Policy Profile
window opens.
STEP 2 Click Add. The Policy Profile - Add/Edit window opens.
STEP 3 Enter a Policy Name and Description.
NOTE If you want to block entire URL categories, for example, Social Networking, select
the categories that you want to block in the Categories Table. If you only want to
block categories, click OK and then click Save, and go to Mapping Web URL
Filtering Policy Profiles to Zones, on page 3, otherwise continue with the next
step to block or allow specific URLs.
STEP 4 Click the Edit button.
STEP 5 Click Add. The Website Access Control Rule - Add/Edit window opens.
STEP 6 Enter a URL to block or allow.
Note: If you want to block a URL, ensure that you choose Deny; the Permit option is the default value.
2
Application Note
STEP 7 Choose a Match Type, either Domain or URL Keyword.
NOTE The Match Type Domain permits or denys the HTTP access of a website that fully
matches the domain name that you entered in the URL field. For example, For
example if you enter the text www.facebook.com in the URL field, then
www.facebook.com (and www.facebook.com/*) will be blocked or allowed.
NOTE The Match Type URL Keyword permits or denies the HTTP access of a website
that contains the keyword that you entered in the URL field. For example, if you
enter the text facebook in the URL field, then both of these URLs will be blocked
or allowed: www.facebook.com or www.cisco.com/facebook. You can also use
this option to block or allow a specific type of content, for example, if you enter mp3
in the URL field, then all MP3 files will be blocked or allowed.
STEP 8 Choose an Action, either Deny or Permit, and click OK.
STEP 9 Click OK to close all other windows.
STEP 10 Click Save to save the policy profile. In this example, the URL www.facebook.com
is blocked.
3
Application Note
Mapping Web URL Filtering Policy Profiles to Zones
Use the Policy to Zone Mapping page to apply the Web URL Filtering policy profile
to each zone. The Web URL Filtering policy assigned to each zone determines
whether to block or forward the HTTP requests from the hosts in the zone. By
default, Default Profile that permits all URL categories is assigned to all predefined
zones and new zones.
STEP 1 Click Security Services > Web URL Filtering > Policy to Zone Mapping. The
Policy to Zone Mapping window opens.
STEP 2 Click On to enable Web URL Filtering.
STEP 3 In the Zone Policy Map area, choose a Web URL Filtering policy for each zone. For
example, to block facebook as defined in the example, choose block facebook
from the LAN policy.
STEP 4 Click Save to apply your changes. In this example, www.facebook.com is blocked
on all traffic going through this LAN.
4
Application Note
Related Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list
of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective
owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
2012 Cisco Systems, Inc. All rights reserved.
78-21092-01
Support
Cisco Small Business
Support Community
www.cisco.com/go/smallbizsupport
Cisco Small Business
Support and Resources
www.cisco.com/go/smallbizhelp
Phone Support Contacts www.cisco.com/go/sbsc
Cisco Small Business
Firmware Downloads
www.cisco.com/go/software
Select a link to download firmware for Cisco Small
Business Products. No login is required.
Product Documentation
Cisco Small Business RV
Series Routers
www.cisco.com/go/smallbizrouters
Cisco Small Business
Cisco Partner Central for
Small Business (Partner
Login Required)
www.cisco.com/web/partners/sell/smb
Cisco Small Business
Home
www.cisco.com/smb