Cisco Support Community
New Member

Cisco ASA5510

I have a Cisco ASA5510 firewall in use in my network but am unable to block unwanted URLs.

Can I block https://facebook.com on the ASA by using a regular expression?

Thanks,

Saroj

3 REPLIES
Cisco Employee

Cisco ASA5510

VIP Purple

Re: Cisco ASA5510

The ASA cannot inspect HTTPS. You could deny name resolution for facebook.com or use a proxy server that can inspect HTTPS traffic.

Cisco Employee

Re: Cisco ASA5510

Hi,

You cannot block HTTPS, as the "GET request" for facebook.com will be encrypted. However, you can use the ASA to block Facebook based on your DNS request, in case your DNS request is passing through the ASA. The ASA can inspect that DNS packet, and based on a regex you can deny that DNS request.

In this way the user will never be able to connect to facebook.com (3-way handshake).

But if you are using an internal DNS server, the ASA won't be receiving the request if it is in the same LAN segment.

Regards,

Dinkar
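
The DNS-inspection approach described in the replies above, as an added configuration sketch that is not part of the original thread. The names `BLOCK_FACEBOOK` and `DomainBlockList` are hypothetical, and the sketch assumes the ASA still has its default `preset_dns_map`, `inspection_default` class and `global_policy`, and that client DNS queries actually traverse the ASA.

```cisco
! Added example: drop DNS queries for facebook.com with ASA DNS inspection.
! Object names below are illustrative, not from the thread.
!
! 1. Regex for the domain to block. The pattern is unanchored, so it
!    matches any queried name that contains "facebook.com".
regex BLOCK_FACEBOOK "facebook\.com"
!
! 2. Group one or more regexes so more domains can be added later.
class-map type regex match-any DomainBlockList
 match regex BLOCK_FACEBOOK
!
! 3. Extend the DNS inspection map: when the queried name matches the
!    regex class, drop the DNS connection and log the event.
policy-map type inspect dns preset_dns_map
 match domain-name regex class DomainBlockList
  drop-connection log
!
! 4. Make sure DNS inspection with that map is applied to traffic
!    (this is already present in a default configuration).
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
service-policy global_policy global
```

This only affects lookups the ASA sees: queries answered by an internal DNS server on the same LAN segment as the clients never reach the inspection engine, and clients that already know the IP address are not stopped.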
