https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492314#M1084607 <P>Yes, at least 3 products can do that: Cisco Secure Firewall (formerly known as Firepower Threat Defense), Umbrella SIG and Cisco Secure Web Appliance (formerly known as WSA).</P> <P>Which one is right for you (if any of them are) depends on a lot of things, as <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/823684">@MrBeginner</a> alluded to.</P> Tue, 26 Oct 2021 04:23:46 GMT Marvin Rhoads 2021-10-26T04:23:46Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492252#M1084605 <P>hi all</P><P>is there any cisco products are able to do that?</P> Tue, 26 Oct 2021 01:34:08 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492252#M1084605 ivan.yeung 2021-10-26T01:34:08Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492294#M1084606 <P>Hi ,</P><P>You should explain more what is your use case. eg .do you need routers or firewalls and your traffic flow?</P> Tue, 26 Oct 2021 03:35:35 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492294#M1084606 MrBeginner 2021-10-26T03:35:35Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492314#M1084607 <P>Yes, at least 3 products can do that: Cisco Secure Firewall (formerly known as Firepower Threat Defense), Umbrella SIG and Cisco Secure Web Appliance (formerly known as WSA).</P> <P>Which one is right for you (if any of them are) depends on a lot of things, as <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/823684">@MrBeginner</a> alluded to.</P> Tue, 26 Oct 2021 04:23:46 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492314#M1084607 Marvin Rhoads 2021-10-26T04:23:46Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492392#M1084610 <P>hi&nbsp;<SPAN class=""><A href="https://community.cisco.com/t5/user/viewprofilepage/user-id/823684" target="_self"><SPAN class="">MrBeginner,</SPAN></A></SPAN></P><P>&nbsp;</P><P>let say an enterprise dont allow their emp<SPAN>loyees access internet by default,&nbsp; they access to specific web site only they requested.</SPAN></P><P>let say employee A requested access&nbsp;O365, but how the network admin takes to get this job done in firewall level?</P><P>O365 contains different URL, so it wont work if using URL as a security object?</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 26 Oct 2021 06:25:00 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492392#M1084610 ivan.yeung 2021-10-26T06:25:00Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492435#M1084614 <P>Microsoft publishes a listing of the IP addresses its service map to. You can use that listing to create an object which can then be used in an ACL.</P> <P>See this example:</P> <P><A href="https://github.com/chrivand/Firepower_O365_Feed_Parser" target="_blank" rel="noopener">https://github.com/chrivand/Firepower_O365_Feed_Parser</A></P> <P>Cisco has also developed the Cisco Secure Dynamic Attributes Connector (CSDAC) which allows you to automate the process using newer versions of Cisco Secure Firewall (7.0+).</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/integrations/dynamic-attributes-connector/1-0/cisco-secure-dynamic-attributes-connector/about-dynamic-attributes-collector.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/integrations/dynamic-attributes-connector/1-0/cisco-secure-dynamic-attributes-connector/about-dynamic-attributes-collector.html</A></P> Tue, 26 Oct 2021 07:27:31 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492435#M1084614 Marvin Rhoads 2021-10-26T07:27:31Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492534#M1084620 Hi Marvin Rhoads,<BR />Thanks for your suggestions, is there any scalable ways apply to non-famous web site?<BR /> Tue, 26 Oct 2021 09:35:34 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492534#M1084620 ivan.yeung 2021-10-26T09:35:34Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492638#M1084625 <P>If it's just a web site and not a collection of services then you can simply use an FQDN in your ACL.</P> Tue, 26 Oct 2021 12:44:27 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4492638#M1084625 Marvin Rhoads 2021-10-26T12:44:27Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4493085#M1084633 <P>if that web site have tons of FQDN inside? so i can only input those tons of FQDN one by one on firewall ACL?</P> Wed, 27 Oct 2021 00:50:57 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4493085#M1084633 ivan.yeung 2021-10-27T00:50:57Z https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4494608#M1084694 <P>Correct. Doing whitelisting (vs. blacklisting) can be a very tedious process. That's one reason why very few organizations use that approach.</P> Fri, 29 Oct 2021 01:33:24 GMT https://community.cisco.com/t5/network-security/block-all-https-traffic-only-allow-microsoft-com-and-any-url/m-p/4494608#M1084694 Marvin Rhoads 2021-10-29T01:33:24Z