topic FMC in Network Security

FMC

osman.cerkez — Tue, 12 Mar 2019 09:01:24 GMT

Hello,

I have Cisco ASA 5515-X devices with Firepower services managed by FMC 6.1.0.2 and TAC (IPS and URL) licenses.

I have few questions about it:

- Is it possible to allow specific YouTube channel for a specific group of users, but block all other YouTube streaming for all other users.

- Is it possible to allow specific Facebook page like "https://www.facebook.com/something.hr/" for a specific group of users but block all other Facebook pages

If it is possible can you please explain how to set it up.

Regards

Yes this is possible if your

Marius Gunnerud — Wed, 08 Mar 2017 23:03:30 GMT

Yes this is possible if your Defence center is integrated / joined with AD. Or you will need to install a user agent on the client that is connect to active directory.

These links explain how you can create policies based on user identity. Of course if the users have static IPs or are isolated to a spesific subnet then you could just match on the IP or subnet.

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/200329-Configure-Active-Directory-Integration-w.html#anc8

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/AC-Rules-User.html

Please remember to select a correct answer and rate helpful posts

In the Firepower Management

osman.cerkez — Thu, 09 Mar 2017 11:00:48 GMT

In the Firepower Management Center a Realm has been configured and FMC is integrated with AD. Firepower User Agent for AD version 2.3 is installed on domain controler and operating correctly.

The Identity Policy is configured for passive authentication, set to use the configured Realm and assigned in Access Control Policy and all of these setups works fine.

I have configured SSL Policy with Decrypt-Resign Action for applications (Youtube and Facebook) and assigned in Access Control Policy

But I still cannot to configure Access Control Policy with a rule which i can to use for the previously described case like:

Allow specific YouTube channel like

https://www.youtube.com/channel/UCZ2awNGeUbU5xN1hX-PCYpQ

for specific group of users or for all users, but block all other YouTube streaming for all other users

Allow specific Facebook page, but block all other Facebook pages for all users or group of AD users

In the rule of Access Controll Policy which I use for Application control, under Applications filters I Added Youtube and Facebook , and under URLs filters added specific url which I would like to allow but it does not work and next rule with block and reset action for Youtube and Facebook Aplications, block this traffic.

Regards

I believe you are configuring

Marius Gunnerud — Thu, 09 Mar 2017 17:16:04 GMT

I believe you are configuring the rule incorrectly. do not add Application filters just the URL filter that you would like to permit. Then test.

Please remember to select a correct answer and rate helpful posts