Cisco Support Community
New Member

how to block https sites with asa 5515

Hi friends, I want to block HTTPS sites and I have a Cisco ASA 5515-X. Does somebody have an idea how to do that?

1 REPLY
Hall of Fame Super Silver

The default behavior of an ASA is to allow all traffic from more secure (Inside) to less secure (Outside) interfaces. If you want to change that then add an access-list.

The problem is that most - but not all - sites use tcp/443 for https. So while a simple deny tcp/443 followed by a permit any (required because once you put an access control list entry on an interface, an implicit "deny any" is added to the end of the list) will catch most of the https, it won't catch it all.

But if that suffices for your purposes go for it.
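
The ACL described in the reply above, written out as ASA configuration with two checks; this is an added example, not part of the original reply. The ACL name `INSIDE_IN`, the interface name `inside` and the addresses are assumptions.

```cisco
! Added example. ACL name, interface name and addresses are assumed.
! Deny outbound HTTPS on its usual port, then permit everything else.
access-list INSIDE_IN extended deny tcp any any eq 443
! Needed because an implicit "deny any" ends every ACL.
access-list INSIDE_IN extended permit ip any any
! Apply the ACL to traffic entering the inside interface.
access-group INSIDE_IN in interface inside

! Check: a flow to tcp/443 should be dropped by the first entry.
packet-tracer input inside tcp 10.1.1.10 50000 203.0.113.10 443
! Check: HTTPS on another port, here tcp/8443, is still allowed,
! which is the gap the reply describes.
packet-tracer input inside tcp 10.1.1.10 50000 203.0.113.10 8443
! Hit counts per entry show which rule is matching real traffic.
show access-list INSIDE_IN
```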
