Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

SA540 https filtering

HI,

Im trying to block https://www.facebook.com it works with url filtering for port 80 but not for https (port 443)

Any solution ?

2 REPLIES

SA540 https filtering

Hello Dragulla,

The SA540 by itself cannot inspect the https protocol as it does it with the http protocol, this because as you know the content on the https protocol is encrypted (SSL).

So in order to do this you will need to use an external proxy server that will be able to do a deep packet inspection for the https protocol.

Regards,

Do please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

You should execute the

You should execute the command nslookup www.facebook.com to see the IP address of this domain to create rules to block the output connection HTTPS on port 443 to this address

 

Sorry my bad english. I'm from Brazil.

4549
Views
5
Helpful
2
Replies
CreatePlease to create content