https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396923#M1080466 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;</P><P>Yup, PAT with your suggestion will work. I have to modify the existing lazy Access Policy inside any &gt; outside any.</P><P>May I have some example for FMC for URL filtering or FQDN object?</P><P>Thanks,</P><P>Roy Lee</P> Mon, 03 May 2021 09:09:49 GMT Roy Lee 2021-05-03T09:09:49Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396894#M1080458 <P>Hi All,</P><P>We setup FirePower with NAT(PAT I think) for a group of computer so that they can access internet.</P><P>However, we want to allow all computers able to visit a list of websites.</P><P>Is it possible and how?</P><P>Thanks,</P><P>Roy</P> Mon, 03 May 2021 07:39:51 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396894#M1080458 Roy Lee 2021-05-03T07:39:51Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396896#M1080460 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/77525">@Roy Lee</a>&nbsp;</P> <P>Are you running FTD and how are you managing it, FMC or FDM?</P> <P>Or are you running ASA with Firepower services?</P> <P>What licensing do you have?</P> <P>&nbsp;</P> <P>You could use URL filtering if you are licensed or FQDN objects, example <A href="https://integratingit.wordpress.com/2021/02/01/ftd-fqdn-objects/" target="_self">here</A>.</P> Mon, 03 May 2021 07:43:57 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396896#M1080460 Rob Ingram 2021-05-03T07:43:57Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396911#M1080463 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;</P><P>We are running FTD and managing it by FMC.</P><P>Not all our internal computers are NATed. How can they access?</P><P>Thanks,</P><P>Roy</P> Mon, 03 May 2021 08:38:35 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396911#M1080463 Roy Lee 2021-05-03T08:38:35Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396915#M1080464 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/77525">@Roy Lee</a>&nbsp;</P> <P>You'll at least need to PAT traffic from the internal lan, hiding traffic behind the outside interface. You don't need a static NAT per host if that is what you were implying. Restrict the outbound traffic using the options I previously metioned.</P> <P>&nbsp;</P> <P>The other alternative is to use a proxy server, only this server would then need a NAT and outbound firewall rules. You can restrict outbound traffic on the proxy from the internal hosts ip address/username etc.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 03 May 2021 08:44:43 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396915#M1080464 Rob Ingram 2021-05-03T08:44:43Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396923#M1080466 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;</P><P>Yup, PAT with your suggestion will work. I have to modify the existing lazy Access Policy inside any &gt; outside any.</P><P>May I have some example for FMC for URL filtering or FQDN object?</P><P>Thanks,</P><P>Roy Lee</P> Mon, 03 May 2021 09:09:49 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396923#M1080466 Roy Lee 2021-05-03T09:09:49Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396930#M1080467 <P>FQDN DNS filtering</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214698-understand-fqdn-feature-on-firepower-thr.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214698-understand-fqdn-feature-on-firepower-thr.html</A></P> <P>&nbsp;</P> <P>URL Filtering</P> <P><A href="https://www.youtube.com/watch?v=nXIBDQqekPY" target="_blank">https://www.youtube.com/watch?v=nXIBDQqekPY</A></P> <P><A href="https://wannabecybersecurity.blogspot.com/2019/07/configuring-cisco-fmc-url-filtering.html" target="_blank">https://wannabecybersecurity.blogspot.com/2019/07/configuring-cisco-fmc-url-filtering.html</A></P> <P>&nbsp;</P> Mon, 03 May 2021 09:22:18 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4396930#M1080467 Rob Ingram 2021-05-03T09:22:18Z https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4571934#M1088360 <P>In some DHCP swimming pools, you have designated a DNS server other than eight.Eight.8.Eight to get the <A href="https://louise-wener.co.uk/" target="_self">web agency</A> service., is that on cause ? Are these 'problem' web sites not handy from unique Vlans, or from everywhere ?</P> Fri, 18 Mar 2022 09:13:19 GMT https://community.cisco.com/t5/network-security/firepower-allow-visit-to-specific-websites/m-p/4571934#M1088360 euwjrtei 2022-03-18T09:13:19Z