User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Firewall
Configuring the Content Filtering to Control Access to Internet
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 204
6
Mapping the Content Filtering Policy Profiles to Zones
Use the Policy Profile & Zone Mapping page to map the content filtering policy
profile to each zone.
STEP 1 Click Firewall -> Content Filtering -> Policy Profile & Zone Mapping.
The Policy Profile & Zone Mapping window opens.
STEP 2 Click On to enable the content filtering feature, or click Off to disable it.
STEP 3 In the Policy Profile & Zone Mapping List area, choose the policy profile used for
each zone. By default, the Default_Profile that permits all web access is selected
for all predefined and new zones.
STEP 4 Click Save to apply your settings. .
Configuring Advanced Settings
STEP 1 Click Firewall -> Content Filtering -> Advanced Settings.
The Advanced Settings window opens.
STEP 2 Enter the following information:
• Specify HTTP port for the filtering (default: 80): Enter the port number that
is used for content filtering. The default is 80.
For example, if you permit the HTTP access to the website http://
www.ABcompanyC.com and set the HTTP port to 80. The access to http://
www.ABcompanyC.com:8080 will be blocked.
• Web Components: You can block web components like Proxy, Java,
ActiveX, and Cookies. By default, all of them are permitted.
- Proxy: Check the box to block proxy servers, which can be used to
circumvent certain firewall rules and thus present a potential security
gap.
- Java: Check the box to block applets from being downloaded from
internet sites.
- ActiveX: Check the box to prevent ActiveX controls from being
downloaded via Internet Explorer.