07-12-2012 03:33 AM - edited 03-11-2019 04:30 PM
I have cisco ASA5510 firewall using in my network but unable to bolck Url's unwanted.
can i block the https://facebook.com on the asa by using regular exp.
Thanks,
Saroj
07-12-2012 06:02 AM
Sure can.
here is the sample config for your reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
07-12-2012 06:36 AM
The ASA can not inspect HTTPS. You could deny name-resolution for facebook.com or use a proxy-server that can inspect HTTPS-traffic.
07-12-2012 03:03 PM
Hi,
You can not block https as the "get-request' for the facebook.com will be encypted. However you can use ASA to block facebook based on your DNS request in case you dns request is passing through the ASA. ASA can inspect that DNS packet and based on regex you can deny that dns request.
In this way user will never be able to connect to facebook.com (3-way handshake).
but if you are using an internal DNS server, ASA won't be receiving the request if it is in same LAN segment.
Regards,
Dinkar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: