Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA Monitoring

Hi Community,

Employees in my company are going through Microsoft Proxy Server. Furthemore,  I have got an Cisco ASA 5540 as an edge firewall.

Here, my question is that How can i monitor through ASA that who are users bypassing my proxy server ?

Can someone help me in this ?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA Monitoring

If you are not allowing users to access the internet directly, then there is no way the ASA can allow the access through unless there are access-list entries which are allowing the specific access.

There is no specific feature to monitor web traffic in particular on the ASA firewall.

You can share the access-list that you have configured and I can double check to see if other web traffic but from the proxy server is allowed through. Otherwise, unfortunately there is no specific monitoring for web traffic on the ASA.

4 REPLIES
Cisco Employee

Re: ASA Monitoring

You can configure access-list to only allow the Microsoft Proxy server to access the internet and block everyone else from browsing the internet.

That way, you only allow web traffic from Microsoft Proxy server but not from all other users.

Community Member

Re: ASA Monitoring

Hi Jennifer,

Thank you for your quick reply

I would let you know i have already ACL in place as you said

Allowing Proxy Server and and at last one statement deny all traffice internal traffic.

But I just want to double make sure that no one bypass by proxy server.

Is there any asa monitoring tool ?

Thanks

Cisco Employee

Re: ASA Monitoring

If you are not allowing users to access the internet directly, then there is no way the ASA can allow the access through unless there are access-list entries which are allowing the specific access.

There is no specific feature to monitor web traffic in particular on the ASA firewall.

You can share the access-list that you have configured and I can double check to see if other web traffic but from the proxy server is allowed through. Otherwise, unfortunately there is no specific monitoring for web traffic on the ASA.

Community Member

Re: ASA Monitoring

Thank You Jennifer for that clarification I really appreciate.

518
Views
0
Helpful
4
Replies
CreatePlease to create content