Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4938
Views
0
Helpful
4
Replies

Adding URL and IP address to the Firewall

MissLaura1989
Level 1
Level 1

‎07-23-2012 04:01 AM - edited ‎03-11-2019 04:33 PM

Hi,

I have Cisco ASDM 6.2 for ASA and I have been requested to add a list of URLs and IP address to the whitelist on the firewall.

I haven’t had much experience using this program so unsure of where I go to add these and I don’t want to risk changing anything that might affect the security of the firewall.

The address I need to add include:

IP address

https:// sites

http:// sites

Thanks

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎07-24-2012 02:23 AM

Does the ASA have CSC module or are you trying to deny that using access-list?

If the ASA has CSC module then you would need to connect to the CSC/Trend Micro configuration section.

If you only use access-list to deny access, you can only use IP Address. The full URL needs to use REGEX to deny.

And you can't block HTTPS using URL as the URL is encrypted. HTTPS using IP Address can be blocked using access-list.

0 Helpful

Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎07-26-2012 08:09 PM

Hi Bro

I guess you've to use the regex method for now, as mentioned by Jennifer Halim above. This is because "access-list webtype" is widely used in SSLVPN. Click here for further details http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/a1.html#wp1599455

P/S: if you think this comment is useful, please do rate it nicely and select "This Question is Answered"

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful

nkarthikeyan
Level 7
Level 7

‎07-27-2012 04:04 AM

Hi Laura,

Either go for an CSC-SSM (Content Security and Control - Security Services Module) for URL whitelisting or regex is an open option but its quite little complicated.

By

Karthik

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to nkarthikeyan

‎07-27-2012 04:06 AM

Hi Laura,

Also regex option works only for http.

By

Karthik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card