Cisco IOS startup configuration
Before you begin
Steps
- Access the router’s software from a console, or from a remote terminal using telnet.
- Enter your password.
- Enter enable and the enable password to put the router into enabled mode.
- Enter configure terminal to activate configure mode.
- Enter the following command to identify the Filtering Service machine that will filter HTTP requests:
ip urlfilter server vendor forcepoint <ip-address> [port <port-number>] [timeout <seconds>] [retransmit <number>]

| Variable | Description |
|---|---|
| <ip-address> | The IP address of the machine running Filtering Service. |
| <port-number> | The Filtering Service port (also referred to as the integration communication port), default 15868. |
| <seconds> | The amount of time the Cisco IOS router waits for a response from Filtering Service. The default timeout is 5 seconds. |
| <number> | How many times the Cisco IOS router retransmits an HTTP request when there is no response from Filtering Service. The default is 2. |

An example of this command is:
ip urlfilter server vendor forcepoint 12.203.9.116 timeout 8 retransmit 6
To define an additional Filtering Service instance as a backup, repeat the command using the IP address of the second Filtering Service machine.
The configuration settings you create in the following steps are always applied to the primary server.
Only one Filtering Service instance (the primary server) is used at a time. If the primary server becomes unavailable, the system goes to the list of configured Filtering Service instances and attempts to activate the first one. If the first server is not available, the system attempts to activate the next one. This continues until an available server is found or the end of the list of configured servers is reached. If all servers are down, the router goes into allow mode.
- Enable the logging of system messages to Filtering Service by entering the following command:
ip urlfilter urlf-server-log
This setting is disabled by default. When logging is enabled, the Cisco IOS router sends a log request immediately after the URL lookup request.
(Recent changes to Cisco software at version v15 have removed support for this command. This is under research.)
- Tell the Cisco IOS router how to filter URL requests by entering the following commands, in sequence:
ip inspect name <inspection-name> http urlfilter
interface <type> <slot/port>
ip inspect <inspection-name> {in|out}
Examples of these commands are:
ip inspect name fw_url http urlfilter
interface FastEthernet 0/0
ip inspect fw_url in
For this sequence to function properly, you must create an inspection rule called fw_url and apply that rule to the inbound interface of the router.
See Cisco documentation for information about creating and applying inspection rules.
To improve performance, Cisco suggests disabling the Java applet scanner. Java applet scanning increases CPU processing load. To disable the Java applet scanner, use the following commands, in sequence:
access-list <num> permit any
ip inspect name <inspection-name> http java-list <num> urlfilter
See Cisco documentation for more information about these commands.
- To save your changes:
- Enter the exit command twice to leave the configure mode.
- Enter write memory.
These commands store the configuration settings in the Cisco IOS router’s startup configuration so they are not lost if the router is shut down or loses power.
- Use the following commands to view various aspects of your installations:

| Command | Action |
|---|---|
| show ip inspect name <inspection-name> | Displays a specific inspection rule. |
| show ip inspect all | Displays all available inspection information. |
| show ip urlfilter config | Displays all URL filtering information. |
| <command-name> ? | Displays help on individual commands. For example, ip inspect ? displays the complete syntax for the inspect command, and explains each argument. |

- To stop sending requests to a Filtering Service instance, use the following command:
no ip urlfilter server vendor forcepoint <ip-address>
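
The following Python script is an added example, not part of the original Forcepoint or Cisco documentation. It audits a saved configuration for the commands described in the steps above: it lists each Filtering Service server with the documented defaults filled in, and reports a missing backup server or an inspection rule that is defined but never applied to an interface. The function name audit_urlfilter, the sample configuration and the backup address 192.0.2.20 are assumptions made for illustration.

```python
import re

# Constructed sample config using only commands shown on this page (192.0.2.20 is a placeholder).
SAMPLE_CONFIG = """\
ip urlfilter server vendor forcepoint 12.203.9.116 timeout 8 retransmit 6
ip urlfilter server vendor forcepoint 192.0.2.20
ip inspect name fw_url http urlfilter
interface FastEthernet 0/0
 ip inspect fw_url in
"""

SERVER_RE = re.compile(r"^ip urlfilter server vendor forcepoint (\S+)"
                       r"(?: port (\d+))?(?: timeout (\d+))?(?: retransmit (\d+))?$")
RULE_RE = re.compile(r"^ip inspect name (\S+) http (?:java-list \d+ )?urlfilter$")
APPLY_RE = re.compile(r"^ip inspect (\S+) (in|out)$")

def audit_urlfilter(config):
    """Return the parsed URL-filtering setup plus a list of findings."""
    servers, rules, applied, findings = [], set(), [], []
    iface = None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            iface = line[len("interface "):]
        elif m := SERVER_RE.match(line):
            ip, port, timeout, retransmit = m.groups()
            # Defaults documented on this page: port 15868, timeout 5 s, retransmit 2.
            servers.append({"ip": ip, "port": int(port or 15868),
                            "timeout": int(timeout or 5), "retransmit": int(retransmit or 2)})
        elif m := RULE_RE.match(line):
            rules.add(m.group(1))
        elif (m := APPLY_RE.match(line)) and iface:
            applied.append((iface, m.group(1), m.group(2)))
    if not servers:
        findings.append("no Filtering Service server is configured")
    elif len(servers) == 1:
        findings.append("no backup server: if the primary is unavailable "
                        "the router goes into allow mode")
    if not rules:
        findings.append("no inspection rule enables urlfilter for http")
    for rule in sorted(rules - {name for _, name, _ in applied}):
        findings.append(f"rule {rule} is not applied to any interface")
    for iface_name, name, _ in applied:
        if name not in rules:
            findings.append(f"{iface_name} applies {name}, which has no http urlfilter rule")
    return {"servers": servers, "applied": applied, "findings": findings}

if __name__ == "__main__":
    print(audit_urlfilter(SAMPLE_CONFIG))
```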