Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ISA570 Block Non-HTTP Access by FQDN instead of IP Address

Unanswered Question
May 12th, 2014
User Badges:

Does anyone know a way to block any access to a site by FQDN instead of its ip address on the ISA500 series devices?  I know you can block website access with Web URL filtering using FQDNs, but what it you want to block non-HTTP traffic to a site that has either multiple IPs or dynamic IPs?  I typically use  Address Management to setup sites that I want to limit or block, but you have to define specific IPs or ranges and that doesn't always work especially if host IPs are dynamic.   Also, host static IPs can change over time so even if you define them in Address Management you have to periodically audit them to make sure they are still correct.

This is not only an issue with blocking sites, but also in trying to define QoS policies as those use addresses defined in Address Management which again use specific IPs or ranges.  I am just trying to find a more reliable, long term, method of doing these types of management activities on the ISA500 devices.


Thanks for any advice.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Brandon Svec Mon, 05/12/2014 - 14:00
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Small Business, February 2016

I am pretty sure you cannot do this on ISA.  I think you could use opendns.com to accomplish blocking non-http sites by FQDN.  You could do blocking and QOS by FQDN  with what Cisco generally considers the replacement for this product, the Meraki MX60.


This Discussion