topic Re: How to allow *.website in ASA in Network Security https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115916#M1071874 <P>Thank you.</P><P>&nbsp;</P><P>Yes, we are restricting traffic from inside and want updates from microsoft to be allowed.</P> Thu, 09 Jul 2020 11:35:32 GMT Brad_Shawh 2020-07-09T11:35:32Z How to allow *.website in ASA https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115843#M1071868 <P>Hello</P><P>We are on ASA 9.8</P><P>&nbsp;</P><P><A href="https://docs.microsoft.com/en-us/previous-versions/system-center/configuration-manager-2007/bb693717(v=technet.10)?redirectedfrom=MSDN" target="_blank">https://docs.microsoft.com/en-us/previous-versions/system-center/configuration-manager-2007/bb693717(v=technet.10)?redirectedfrom=MSDN</A></P><P>&nbsp;</P><P>We have a requirement to allow all microsoft updates through ASA.</P><P>&nbsp;</P><P>How can this be achieved? Thank you.</P> Thu, 09 Jul 2020 09:02:17 GMT https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115843#M1071868 Brad_Shawh 2020-07-09T09:02:17Z Re: How to allow *.website in ASA https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115859#M1071870 <P>By default outbound traffic isn't blocked and outside traffic that's returning as part of a connection that was established from inside is allowed.</P> <P>So, unless you're restricting outbound traffic, nothing needs to be done.</P> Thu, 09 Jul 2020 09:47:45 GMT https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115859#M1071870 Marvin Rhoads 2020-07-09T09:47:45Z Re: How to allow *.website in ASA https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115916#M1071874 <P>Thank you.</P><P>&nbsp;</P><P>Yes, we are restricting traffic from inside and want updates from microsoft to be allowed.</P> Thu, 09 Jul 2020 11:35:32 GMT https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115916#M1071874 Brad_Shawh 2020-07-09T11:35:32Z Re: How to allow *.website in ASA https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115919#M1071875 <P>You cannot do the wildcard in ASA ACLs with FQDN objects:</P> <P><A href="https://community.cisco.com/t5/network-security/asa-wildcard-fqdn-object-acl/m-p/3062315" target="_blank">https://community.cisco.com/t5/network-security/asa-wildcard-fqdn-object-acl/m-p/3062315</A></P> <P>So you would need to specify FQDNs of Microsoft domains without using wildcards.</P> Thu, 09 Jul 2020 11:40:40 GMT https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4115919#M1071875 Marvin Rhoads 2020-07-09T11:40:40Z Re: How to allow *.website in ASA https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4116033#M1071883 <P>Thank you, I'll use firepower!</P> Thu, 09 Jul 2020 14:40:14 GMT https://community.cisco.com/t5/network-security/how-to-allow-website-in-asa/m-p/4116033#M1071883 Brad_Shawh 2020-07-09T14:40:14Z