Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISA570 Block Non-HTTP Access by FQDN instead of IP Address

Does anyone know a way to block any access to a site by FQDN instead of its ip address on the ISA500 series devices?  I know you can block website access with Web URL filtering using FQDNs, but what it you want to block non-HTTP traffic to a site that has either multiple IPs or dynamic IPs?  I typically use  Address Management to setup sites that I want to limit or block, but you have to define specific IPs or ranges and that doesn't always work especially if host IPs are dynamic.   Also, host static IPs can change over time so even if you define them in Address Management you have to periodically audit them to make sure they are still correct.

This is not only an issue with blocking sites, but also in trying to define QoS policies as those use addresses defined in Address Management which again use specific IPs or ranges.  I am just trying to find a more reliable, long term, method of doing these types of management activities on the ISA500 devices.


Thanks for any advice.


I am pretty sure you cannot

I am pretty sure you cannot do this on ISA.  I think you could use to accomplish blocking non-http sites by FQDN.  You could do blocking and QOS by FQDN  with what Cisco generally considers the replacement for this product, the Meraki MX60.

-- please remember to rate and mark answered helpful posts --
CreatePlease to create content