<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic So, you are already in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544265#M234841</link>
    <description>&lt;P&gt;So, you are already restricting access to the internet for your users?&amp;nbsp; Or is this a new ASA being setup?&amp;nbsp; In many setups local users will have full access out to the internet so this would not be an issue.&lt;/P&gt;&lt;P&gt;But you could use FQDN in access lists if you are restricting access already...just be sure that the ASA is configured with DNS server IPs so that it can do DNS lookups.&lt;/P&gt;&lt;P&gt;If the above is the case then you could do something like the following:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;name-server 192.168.1.1 192.168.1.2&lt;/STRONG&gt;&amp;nbsp; &amp;lt;---configure DNS servers on the ASA&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;object network SITE1&lt;BR /&gt;&amp;nbsp; fqdn b2b.dolgn.net&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;access-list ACL1 permit tcp any object SITE1 eq 50000&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;access-group ACL1 in interface inside&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Keep in mind that all ACLs have an implicit deny any any at the end of it so if you require your users to access other networks/IPs through the ASA then this must also be permitted in the ACL.&lt;/P&gt;&lt;P&gt;If this is not what you are looking for, please provide a detailed description of your network and exactly what you are trying to acomplish.&amp;nbsp; The more details the better.&lt;/P&gt;&lt;P&gt;--&lt;/P&gt;&lt;P&gt;Please remember to select a correct answer and rate helpful posts&lt;/P&gt;</description>
    <pubDate>Sat, 13 Sep 2014 15:09:19 GMT</pubDate>
    <dc:creator>Marius Gunnerud</dc:creator>
    <dc:date>2014-09-13T15:09:19Z</dc:date>
    <item>
      <title>URL permit through firewall</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544262#M234837</link>
      <description>&lt;P&gt;hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;we have requirement to permit some url like on port no. 50000&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;TABLE border="0" cellpadding="0" cellspacing="0" style="width:273px;" width="273"&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD nowrap="nowrap" style="width:209px;height:20px;"&gt;&lt;P&gt;elink-a26.bankofamerica.com&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD nowrap="nowrap" style="width:209px;height:20px;"&gt;&lt;P&gt;b2b.dolgn.net&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD nowrap="nowrap" style="width:209px;height:20px;"&gt;&lt;P&gt;12.155.249.X&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD nowrap="nowrap" style="width:209px;height:20px;"&gt;&lt;P&gt;gem.carrey.com&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;my asa version 8.6&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;how can i permit these URL in asa port no 50000. please help&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;regards&lt;/P&gt;&lt;P&gt;rajat&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 12 Mar 2019 04:45:22 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544262#M234837</guid>
      <dc:creator>r.kukreja</dc:creator>
      <dc:date>2019-03-12T04:45:22Z</dc:date>
    </item>
    <item>
      <title>You do not specify if these</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544263#M234838</link>
      <description>&lt;P&gt;You do not specify if these URLs are your own or you want to allow access to these for your users but then block all other traffic?&lt;/P&gt;&lt;P&gt;Please explain in more detail what you are trying to accomplish.&lt;/P&gt;&lt;P&gt;--&lt;/P&gt;&lt;P&gt;Please remember to select a correct answer and rate helpful posts&lt;/P&gt;</description>
      <pubDate>Sat, 13 Sep 2014 11:13:42 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544263#M234838</guid>
      <dc:creator>Marius Gunnerud</dc:creator>
      <dc:date>2014-09-13T11:13:42Z</dc:date>
    </item>
    <item>
      <title>hi,these URLs are not owned</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544264#M234839</link>
      <description>&lt;P&gt;hi,&lt;/P&gt;&lt;P&gt;these URLs are not owned by us.&lt;/P&gt;&lt;P&gt;we want to allow access to these for our users.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;please help&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;regards&lt;/P&gt;&lt;P&gt;rajat&lt;/P&gt;</description>
      <pubDate>Sat, 13 Sep 2014 11:18:40 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544264#M234839</guid>
      <dc:creator>r.kukreja</dc:creator>
      <dc:date>2014-09-13T11:18:40Z</dc:date>
    </item>
    <item>
      <title>So, you are already</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544265#M234841</link>
      <description>&lt;P&gt;So, you are already restricting access to the internet for your users?&amp;nbsp; Or is this a new ASA being setup?&amp;nbsp; In many setups local users will have full access out to the internet so this would not be an issue.&lt;/P&gt;&lt;P&gt;But you could use FQDN in access lists if you are restricting access already...just be sure that the ASA is configured with DNS server IPs so that it can do DNS lookups.&lt;/P&gt;&lt;P&gt;If the above is the case then you could do something like the following:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;name-server 192.168.1.1 192.168.1.2&lt;/STRONG&gt;&amp;nbsp; &amp;lt;---configure DNS servers on the ASA&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;object network SITE1&lt;BR /&gt;&amp;nbsp; fqdn b2b.dolgn.net&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;access-list ACL1 permit tcp any object SITE1 eq 50000&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;access-group ACL1 in interface inside&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Keep in mind that all ACLs have an implicit deny any any at the end of it so if you require your users to access other networks/IPs through the ASA then this must also be permitted in the ACL.&lt;/P&gt;&lt;P&gt;If this is not what you are looking for, please provide a detailed description of your network and exactly what you are trying to acomplish.&amp;nbsp; The more details the better.&lt;/P&gt;&lt;P&gt;--&lt;/P&gt;&lt;P&gt;Please remember to select a correct answer and rate helpful posts&lt;/P&gt;</description>
      <pubDate>Sat, 13 Sep 2014 15:09:19 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544265#M234841</guid>
      <dc:creator>Marius Gunnerud</dc:creator>
      <dc:date>2014-09-13T15:09:19Z</dc:date>
    </item>
    <item>
      <title> Hi, actually below are the</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544266#M234843</link>
      <description>&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;actually below are the URL that we are allowing on outside interface&lt;/P&gt;&lt;P&gt;we are putting ISP dns that has to resolve below url and we have to apply access-list on outside interface. please if possible provide solution according to requirement.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;TABLE border="0" cellpadding="0" cellspacing="0" width="273"&gt;&lt;TBODY&gt;&lt;TR&gt;&lt;TD nowrap="nowrap"&gt;&lt;P&gt;elink-a26.bankofamerica.com&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD nowrap="nowrap"&gt;&lt;P&gt;b2b.dolgn.net&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD nowrap="nowrap"&gt;&lt;P&gt;12.155.249.X&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;TR&gt;&lt;TD nowrap="nowrap"&gt;&lt;P&gt;gem.carrey.com&lt;/P&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;</description>
      <pubDate>Mon, 15 Sep 2014 08:34:25 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544266#M234843</guid>
      <dc:creator>r.kukreja</dc:creator>
      <dc:date>2014-09-15T08:34:25Z</dc:date>
    </item>
    <item>
      <title>I have provided a solution</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544267#M234844</link>
      <description>&lt;P&gt;I have provided a solution for access-list on the outside interface using the URL in my previous post.&amp;nbsp; I have limited the configuration to only one FQDN to keep the post short.&amp;nbsp; you could group them all together in a object-group but then you would need to create a seperate object for each FQDN and then call that object into the object-group:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;object network SITE1&lt;BR /&gt;&amp;nbsp; fqdn b2b.dolgn.net&lt;/STRONG&gt;&lt;BR /&gt;&lt;STRONG&gt;&lt;STRONG&gt;object-group network GROUP&lt;/STRONG&gt;&lt;BR /&gt;&lt;STRONG&gt;&amp;nbsp; network-object object SITE1&lt;/STRONG&gt;&lt;BR /&gt;&lt;STRONG&gt;&amp;nbsp; network-object host 12.155.249.X&lt;/STRONG&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;STRONG&gt;access-list ACL1 permit tcp object-group GROUP any eq 50000&lt;/STRONG&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;STRONG&gt;access-group ACL1 in interface outside&lt;/STRONG&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;--&lt;/P&gt;&lt;P&gt;Please remember to select a correct answer and rate helpful posts&lt;/P&gt;</description>
      <pubDate>Mon, 15 Sep 2014 09:30:03 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544267#M234844</guid>
      <dc:creator>Marius Gunnerud</dc:creator>
      <dc:date>2014-09-15T09:30:03Z</dc:date>
    </item>
    <item>
      <title>thanks a lot marius</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544268#M234845</link>
      <description>&lt;P&gt;thanks a lot marius&lt;/P&gt;</description>
      <pubDate>Tue, 16 Sep 2014 09:56:30 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544268#M234845</guid>
      <dc:creator>r.kukreja</dc:creator>
      <dc:date>2014-09-16T09:56:30Z</dc:date>
    </item>
    <item>
      <title>Any time :-)Thank you for the</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544269#M234846</link>
      <description>&lt;P&gt;Any time &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;&lt;P&gt;Thank you for the rating&lt;/P&gt;</description>
      <pubDate>Tue, 16 Sep 2014 09:58:14 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/2544269#M234846</guid>
      <dc:creator>Marius Gunnerud</dc:creator>
      <dc:date>2014-09-16T09:58:14Z</dc:date>
    </item>
    <item>
      <title>Re: I have provided a solution</title>
      <link>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/3412651#M234847</link>
      <description>&lt;P&gt;This information is very helpful. If I could ask one quick question regarding using internal DNS though... when I add the name-server x.x.x.x, is there any configuration that I need to actually complete on my DNS server for the fqdn that I am allowing access to?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Normally, our ACLs for outbound access are configured by IP addresses but, I have been asked to add an entry for a URL instead. Here are the lines that I intend on adding to my ASA:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;name-server Y.Y.Y.Y (my internal DNS server address)&lt;BR /&gt;&lt;BR /&gt;object network obj-site1.url.org&lt;BR /&gt;fqdn site1.url.org&lt;BR /&gt;&lt;BR /&gt;object network obj-site2.url.org&lt;BR /&gt;fqdn site2.url.org&lt;BR /&gt;&lt;BR /&gt;object-group network URL.ORG&lt;BR /&gt;network-object object obj-site1.url.org&lt;BR /&gt;network-object object obj-site2.url.org&lt;BR /&gt;&lt;BR /&gt;access-list Outbound line 134 extended permit tcp host X.X.X.X object-group URL.ORG eq 22&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;not sure if I am missing anything. Or if there are any changes I need to make on my DNS server.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Any assistance would be greatly appreciated.&lt;/P&gt;
&lt;P&gt;Chris&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 09 Jul 2018 13:29:32 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/url-permit-through-firewall/m-p/3412651#M234847</guid>
      <dc:creator>Christopher Scopa</dc:creator>
      <dc:date>2018-07-09T13:29:32Z</dc:date>
    </item>
  </channel>
</rss>

