topic Re: deny internet access on our domain controller in Network Access Control https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648700#M576105 <P>Check below guide of configuration.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/getting_started_with_access_control_policies.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/getting_started_with_access_control_policies.html</A></P> <P>make sure you are sending all traffic via FP module using ASA service policy</P> Tue, 12 Jul 2022 11:09:46 GMT Kasun Bandara 2022-07-12T11:09:46Z deny internet access on our domain controller https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648682#M576101 <P>i have installed firepower on my ASA 5516 as SFR module,&nbsp;</P><P>i am using ASDM to manage rules ,</P><P>any idea how to block internet access on my domain controller, and please note that this domain controller is the DNS server.&nbsp;</P><P>I tried deny any any on DCs IP addresses than I allowed port 53 and didn't work .</P> Tue, 12 Jul 2022 10:11:15 GMT https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648682#M576101 VOLUS 2022-07-12T10:11:15Z Re: deny internet access on our domain controller https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648684#M576102 <P>Is this FW also facing Internet and you do NAT ?</P> <P>on your DC DNS Server, what DNS server external configured ?</P> <P>so your rule should allow</P> <P>&nbsp;</P> <P>Source : your local DNS</P> <P>Destination : 8.8.8.8 4.4.4.4</P> <P>service 53 allow.</P> <P>example :</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/firewall/asa-914-firewall-config/access-umbrella.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/firewall/asa-914-firewall-config/access-umbrella.html</A></P> Tue, 12 Jul 2022 10:23:17 GMT https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648684#M576102 balaji.bandi 2022-07-12T10:23:17Z Re: deny internet access on our domain controller https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648687#M576103 <P>hello,&nbsp;</P><P>can you please share the config from firepower and not ASA as i redirected all traffic to firepower&nbsp;</P> Tue, 12 Jul 2022 10:29:05 GMT https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648687#M576103 VOLUS 2022-07-12T10:29:05Z Re: deny internet access on our domain controller https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648700#M576105 <P>Check below guide of configuration.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/getting_started_with_access_control_policies.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/getting_started_with_access_control_policies.html</A></P> <P>make sure you are sending all traffic via FP module using ASA service policy</P> Tue, 12 Jul 2022 11:09:46 GMT https://community.cisco.com/t5/network-access-control/deny-internet-access-on-our-domain-controller/m-p/4648700#M576105 Kasun Bandara 2022-07-12T11:09:46Z