ISA570 Block Non-HTTP Access by FQDN instead of IP Address
Does anyone know a way to block any access to a site by FQDN instead of its IP address on the ISA500 series devices? I know you can block website access with Web URL filtering using FQDNs, but what if you want to block non-HTTP traffic to a site that has either multiple IPs or dynamic IPs? I typically use Address Management to set up sites that I want to limit or block, but you have to define specific IPs or ranges, and that doesn't always work, especially if host IPs are dynamic. Also, host static IPs can change over time, so even if you define them in Address Management you have to periodically audit them to make sure they are still correct.
This is not only an issue with blocking sites, but also in trying to define QoS policies, as those use addresses defined in Address Management, which again use specific IPs or ranges. I am just trying to find a more reliable, long-term method of doing these types of management activities on the ISA500 devices.
I am pretty sure you cannot do this on ISA. I think you could use opendns.com to accomplish blocking non-HTTP sites by FQDN. You could do blocking and QoS by FQDN with what Cisco generally considers the replacement for this product, the Meraki MX60.
-- please remember to rate and mark answered helpful posts --
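The periodic audit the question describes, as an added example that is not part of the original thread and does not talk to the ISA500. It assumes you keep a hand-maintained copy of your Address Management entries (the `SAMPLE_OBJECTS` layout, host names and addresses are constructed) and compares each entry with what DNS returns now.

```python
import ipaddress
import socket

def resolve(fqdn):
    """Return the IPv4 addresses the system resolver currently gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return {ipaddress.ip_address(info[4][0]) for info in infos}

def parse_entry(entry):
    """Turn '192.0.2.10', '192.0.2.0/28' or '192.0.2.10-192.0.2.20' into networks."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry.strip(), strict=False)]

def audit(objects, resolver=resolve):
    """Compare {fqdn: [entries]} with live DNS; return only the objects that drifted."""
    report = {}
    for fqdn, entries in objects.items():
        nets = [n for e in entries for n in parse_entry(e)]
        try:
            live = resolver(fqdn)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[fqdn] = {"error": str(exc)}
            continue
        # Live addresses that no configured entry covers: the rule misses them.
        uncovered = sorted(ip for ip in live if not any(ip in n for n in nets))
        # Configured entries that no live address falls into: candidates for removal.
        stale = [e for e in entries
                 if not any(ip in n for ip in live for n in parse_entry(e))]
        if uncovered or stale:
            report[fqdn] = {"uncovered": [str(i) for i in uncovered], "stale": stale}
    return report

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_OBJECTS = {
    "files.example.com": ["192.0.2.10", "192.0.2.32/28"],
    "voip.example.com": ["198.51.100.5-198.51.100.9"],
}
SAMPLE_DNS = {
    "files.example.com": {"192.0.2.10", "203.0.113.7"},
    "voip.example.com": {"198.51.100.6"},
}

def sample_resolver(fqdn):
    """Offline stand-in for resolve(), backed by the constructed SAMPLE_DNS table."""
    return {ipaddress.ip_address(a) for a in SAMPLE_DNS[fqdn]}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_OBJECTS, sample_resolver).items():
        print(name, result)
```

Calling `audit(objects)` without a resolver uses the system resolver; each run is a snapshot, so names that rotate addresses between queries need repeated runs before an entry is treated as stale.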