Cisco Support Community
Community Member

Block Web Sites

Hi, is there anything through which it would be possible to block a web page instead of making an access list on the FW, as other FWs have the same feature? Thanks


7 REPLIES

Re: Block Web Sites

Sure you can.

This is an example for you to block yahoo.com:

regex web1 "\.yahoo\.com"

Make an ACL to match the direction, from where to where, of the traffic for this URL to be blocked.

Let's say from inside to outside, toward the Internet:

access-list url-acl extended permit tcp (your inside network with mask) any eq www

class-map type regex match-any url-lists

match regex web1

(and you can add more regex matches here)

Then:

class-map type inspect http match-all url-block

match request header host regex class url-lists

class-map httptraffic

match access-list url-acl

policy-map type inspect http http-policy

class url-block

reset log

policy-map url-block-policy

class httptraffic

inspect http http-policy

Then apply it to the source of your traffic, which we assumed is the inside interface:

service-policy url-block-policy interface inside

Be careful with the matching statements; any mistake may lead to not blocking.

And be careful also with the regex.

Good luck.

Please Rate if helpful
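
A coverage check for the host regex in the post above, added here as an example and not part of the original post: it reports which Host header values the pattern fails to catch and which unrelated hosts it also catches. Assumptions: Python's `re.search` stands in for the ASA's unanchored regex matching, and `LOOSE_PATTERN` and the sample hosts are constructed for illustration.

```python
import re

# Pattern taken from the post above.
PAGE_PATTERN = r"\.yahoo\.com"
# Hypothetical looser variant for comparison (not from the post).
LOOSE_PATTERN = r"yahoo\.com"

# Constructed Host header values paired with the outcome the admin intends
# (True = should be blocked, False = should pass).
SAMPLE_HOSTS = [
    ("www.yahoo.com", True),
    ("mail.yahoo.com:80", True),
    ("yahoo.com", True),                    # bare domain, no leading dot
    ("www.cisco.com", False),
    ("notyahoo.com", False),
    ("www.yahoo.com.example.net", False),   # different registered domain
]


def matches(patterns, host):
    """Unanchored search over all patterns, like a 'match-any' regex class-map."""
    return any(re.search(p, host) for p in patterns)


def coverage_report(patterns, samples=SAMPLE_HOSTS):
    """Return (missed, overblocked): hosts that should match but do not,
    and hosts that match but should not."""
    missed, overblocked = [], []
    for host, should_block in samples:
        hit = matches(patterns, host)
        if should_block and not hit:
            missed.append(host)
        elif hit and not should_block:
            overblocked.append(host)
    return missed, overblocked


if __name__ == "__main__":
    for name, pats in (("page", [PAGE_PATTERN]), ("loose", [LOOSE_PATTERN])):
        missed, over = coverage_report(pats)
        print(f"{name}: missed={missed} overblocked={over}")
```

On the ASA itself, the `test regex` command checks one input string against one pattern before the regex is placed in a class-map.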

Community Member

Re: Block Web Sites

Thanks for this valuable information. I appreciate it. Now I want to fix the downloading bandwidth for the users. We have a 1MB link with a 1:1 ratio, and I want a particular user to be able to use only up to 20 kb but not higher. Is there any solution? Thanks.

Re: Block Web Sites

First of all, here in NetPro we use ratings for helpful posts,

so please rate each helpful post!

About limiting: you can use policing with policy maps,

as follows.

Make an ACL matching the particular user's IP traffic or any specific type of traffic:

access-list 100 permit ip host (user ip) any

Then:

class-map limit-class

match access-list 100

policy-map limit-policy

class limit-class

police input 20000 conform-action transmit exceed-action drop

Then apply it to your inside interface to limit the outbound traffic for that user:

service-policy limit-policy interface inside

Remember, you can have one policy on each interface per direction,

so if you have configured the previous one for web URL filtering, you have to add the class-map and this policy config to the same previous policy.

Good luck, and rate if helpful.

Let me know if it worked.

Community Member

Re: Block Web Sites

Can you send me a link to an example, if possible? Thanks

Re: Block Web Sites

Community Member

Re: Block Web Sites

Thanks, I appreciate... Are you from India?

Re: Block Web Sites

No, and good luck.
