Blocking Websites using FWSM

gagamboy15
Level 1

Hi everyone,

Can the FWSM be used to block specific websites? If yes, kindly send me the link so I can study it.

Appreciate your help. Thanks in advance.

regards,

Gagamboy

Accepted Solution

The FWSM needs an ACL applied on all interfaces for traffic to flow.

It doesn't matter if you are using a proxy server. If you can resolve the name of the website to an IP address (hope that doesn't change), you can add a deny for this destination IP address on the FWSM interface that is facing the proxy server.

ex:

proxy ip 10.10.10.1--vlan10--FWSM---vlan20-Internet website (192.168.1.1)

I am using private addresses here:

you would add an acl to the access-list applied on vlan10.

access-list vlan10-in deny tcp host 10.10.10.1 host 192.168.1.1 eq 80

access-list vlan10-in permit tcp host 10.10.10.1 any eq 80

access-group vlan10-in in interface vlan10

You are denying the flow and then permitting the rest.
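The two points the answer makes, that the deny has to sit above the permit and that a name which resolves to several addresses needs a deny per address, are easy to get wrong by hand. The following is an added example, not part of the original thread: it builds the ACL lines from a (constructed, offline) resolver table and then evaluates candidate flows against them with the FWSM's first-match, implicit-deny semantics. The ACL name, proxy address, interface name, hostname and addresses are assumed values taken from or modelled on the answer above; replace resolve_all() with a real lookup (socket.getaddrinfo) when you use it.

```python
"""Generate FWSM-style ACL lines that block a website by IP, then check them.

Added example, not from the original thread. The resolver table, hostname,
proxy address and interface name are constructed/assumed values.
"""
from ipaddress import ip_address

# Constructed stand-in for DNS: a site may publish several A records, and a
# deny that covers only one of them leaves the others reachable.
FAKE_DNS = {
    "blocked.example": ["192.168.1.1", "192.168.1.2"],
}


def resolve_all(hostname):
    """Return every IPv4 address for hostname (swap in a real DNS lookup here)."""
    return list(FAKE_DNS.get(hostname, []))


def build_acl(acl_name, proxy_ip, blocked_hosts, interface, ports=(80, 443)):
    """Emit one deny per resolved address and port, then the permit, then the binding.

    The FWSM evaluates an ACL top-down and stops at the first match, so every
    deny must precede the permit. Flows that match nothing are dropped by the
    implicit deny at the end of the list.
    """
    lines = []
    for host in blocked_hosts:
        for ip in resolve_all(host):
            ip_address(ip)  # raises ValueError on a malformed address
            for port in ports:
                lines.append(
                    f"access-list {acl_name} deny tcp host {proxy_ip} host {ip} eq {port}"
                )
    for port in ports:
        lines.append(f"access-list {acl_name} permit tcp host {proxy_ip} any eq {port}")
    lines.append(f"access-group {acl_name} in interface {interface}")
    return lines


def evaluate(acl_lines, src, dst, port):
    """First-match evaluation of the ACE lines; 'deny' if nothing matches.

    Only the line shape produced by build_acl is parsed:
    access-list NAME (permit|deny) tcp host SRC (host DST|any) eq PORT
    """
    for line in acl_lines:
        parts = line.split()
        if parts[0] != "access-list":
            continue  # the access-group binding line is not an ACE
        action = parts[2]
        src_ok = parts[5] == src
        if parts[6] == "any":
            dst_ok, port_idx = True, 8
        else:
            dst_ok, port_idx = parts[7] == dst, 9
        if src_ok and dst_ok and int(parts[port_idx]) == port:
            return action
    return "deny"  # implicit deny at the end of every FWSM ACL


if __name__ == "__main__":
    acl = build_acl("vlan10-in", "10.10.10.1", ["blocked.example"], "vlan10")
    print("\n".join(acl))
    print(evaluate(acl, "10.10.10.1", "192.168.1.2", 443))  # deny: second A record covered
    print(evaluate(acl, "10.10.10.1", "203.0.113.5", 80))   # permit: other web traffic
    print(evaluate(acl, "10.10.10.1", "203.0.113.5", 22))   # deny: implicit deny
```

Reversing the generated lines (permit above deny) makes evaluate() return "permit" for the blocked address, which is exactly the misordering the answer warns against; the checker makes that visible before the ACL is pushed to the module.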


3 Replies

Kureli Sankar
Cisco Employee

Yes, it can, via an ACL, if you know the IP address. Besides that, if you want to block based on content, you need Websense or N2H2.

You can read here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/filter_f.html#wp1042319

Thanks for the info Kusankar.

One question: I am using a proxy server, so how can I block specific URLs? I think it should be incoming via ACL or FWSM?

Sorry, I didn't have much idea on FWSM. Thanks in advance.

