Cisco Support Community

New Member

Cisco SA 520

Hello,

I have a Cisco SA 520. I want to know if I can block HTTPS, not the service, just HTTPS for Facebook!

I tried the firewall; I was able to block only HTTP for Facebook! I got the license for ProtectLink Gateway and blocked the social network websites, but again only HTTP was blocked; HTTPS sites are still able to open! How can I stop HTTPS Facebook?

Thanks

5 REPLIES
Cisco Employee


Hi Tony,

Currently the SA500 supports content filtering only on port 80. You can block HTTPS access to Facebook in the firewall. Perform an nslookup for Facebook and create a firewall rule blocking HTTPS access to the IP addresses listed by the nslookup.

Best regards,

Julio

Bronze


Hello Tony,

No network-based appliance will be able to filter only HTTPS traffic to a specific domain name. When the traffic leaves the client's network card, the traffic information or payload is encrypted, and the network appliance will not be able to decrypt it to analyze the traffic. Julio is correct that you could use an IP ACL to block the IP address, but web hosting companies like Facebook usually change their IPs, and this would mean you would have to consistently change the ACL.

Some Enterprise devices running IOS version 12.4 (I think it is) or higher can build ACLs using DNS names; you would need to verify with Enterprise.

Some third-party IPS or client-based content software can also inspect the traffic before it leaves the client's NIC, so it can be filtered at that point.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security
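
The two replies above describe one procedure (resolve the site, block TCP/443 to the returned addresses) and its weakness (the addresses change, so the rules go stale). The following is an added example, not code from either poster or from Cisco, that re-resolves a list of hostnames and reports which block rules to add or retire. The function names, the IOS-style rule text and the RFC 5737 sample addresses are assumptions; on the SA 520 the addresses would be entered through its own firewall rule pages.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the IPv4 addresses the system resolver currently gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def plan_acl_update(hostnames, current_blocked, resolver=resolve_ipv4):
    """Compare freshly resolved addresses with the addresses already blocked.

    Returns (to_add, to_remove, failed): two sorted address lists and the
    hostnames that could not be resolved.
    """
    resolved, failed = set(), []
    for name in hostnames:
        try:
            resolved |= set(resolver(name))
        except OSError:  # socket.gaierror is a subclass of OSError
            failed.append(name)
    blocked = set(current_blocked)
    to_add = sorted(resolved - blocked, key=ipaddress.ip_address)
    # If any lookup failed, retire nothing: a DNS outage must not reopen access.
    to_remove = [] if failed else sorted(blocked - resolved, key=ipaddress.ip_address)
    return to_add, to_remove, failed


def render_rules(addresses):
    """Render IOS-style extended ACL entries for HTTPS (assumed output format)."""
    return [f"deny tcp any host {ipaddress.ip_address(a)} eq 443" for a in addresses]


if __name__ == "__main__":
    # Constructed sample data: documentation addresses, not real lookup results.
    sample_dns = {"www.example.com": ["192.0.2.10", "192.0.2.11"]}
    add, remove, failed = plan_acl_update(
        sample_dns, ["192.0.2.10", "198.51.100.7"], resolver=sample_dns.__getitem__
    )
    print("add:", render_rules(add))
    print("retire:", remove, "unresolved:", failed)
```

A single lookup returns only the resolver's current answer, so the plan has to be regenerated on a schedule and the existing rule list fed back in as `current_blocked`.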

New Member


Thanks for your reply, very helpful!

Can you please advise me what Cisco firewall to buy so I can stop HTTPS to a specific domain that I choose!?

New Member


Tried this on a DD-WRT and it blocks http but not https as well.

I really would have expected the paid license to do a better job and actually block https.

Facebook actually prompts users to use https instead of http, probably to get around these blocks.

One option would be to use OpenDNS service to block the lookups (but users can get around this as well).

Are there ANY Cisco solutions out there that would do what Tony is wanting to do??

This really is a BFD in the small business arena, and something we get asked for all the time.

New Member


I'm having the same problem with Cisco RVS4000 ... users are just getting around the blocked ProtectLink sites by using https://. I need a solution for this as well
