
blocking http for user

Hello

We need to block one user from browsing the internet and allow all others. For now I only have an ACL on the outside interface.

The user is behind the firewall (i.e. LAN).

Current setup allows all users to browse the internet.

Appreciate some help

Thanks

Anthony

blocking http for user

Create another ACL for the "Inside" to deny the specific host and permit all else.

blocking http for user

Hello Andrew

Are these entries correct?

access-list INSIDE extended deny tcp host 172.20.20.1 any eq http

access-list INSIDE extended permit ip any any

access-group INSIDE in interface inside

thanks

Anthony

blocking http for user

Right on the money - that will do it.  Just make sure the user will ALWAYS be 172.20.20.1 - if he changes, he will bypass the ACL.

HTH
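
An added example, not part of any post in this thread: a small first-match evaluator for the subset of ASA extended-ACL syntax used above, run over constructed flows to check what the posted entries cover, including the changed-source-address case raised in the reply. The function names, the destination address 203.0.113.10 and the test flows are assumptions made for the example.

```python
import ipaddress

# ACL entries as posted in the thread.
ACL = """\
access-list INSIDE extended deny tcp host 172.20.20.1 any eq http
access-list INSIDE extended permit ip any any
"""
PORTS = {"http": 80, "www": 80, "https": 443}  # named ports known to this sketch


def parse_addr(tok):
    """Consume one address spec ('any' or 'host A.B.C.D') from the token list."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError(f"unsupported address spec: {word}")


def parse(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        action, proto, rest = tok[3], tok[4], tok[5:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src_ip, dst_ip, dport):
    """First matching entry wins; an ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and src in r_src and dst in r_dst
                and r_port in (None, dport)):
            return action
    return "deny"


RULES = parse(ACL)
# Constructed flows (source, destination port); not taken from the thread.
FLOWS = [("172.20.20.1", 80), ("172.20.20.1", 443), ("172.20.20.2", 80)]
RESULTS = {f: evaluate(RULES, "tcp", f[0], "203.0.113.10", f[1]) for f in FLOWS}
```

`RESULTS` shows tcp/80 from 172.20.20.1 denied, while tcp/443 from the same host and tcp/80 from 172.20.20.2 both fall through to the `permit ip any any` entry, so the deny covers only plain HTTP from that one address.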
