https://community.cisco.com/t5/network-security/how-to-block-https-sites-with-asa-5515/m-p/2481857#M267900 <P>Hi friends, i want to block https sites and i have a cisco asa 5515-x, somebody have idea for do that?</P> Tue, 12 Mar 2019 04:01:20 GMT Shakespeare Rodas 2019-03-12T04:01:20Z https://community.cisco.com/t5/network-security/how-to-block-https-sites-with-asa-5515/m-p/2481857#M267900 <P>Hi friends, i want to block https sites and i have a cisco asa 5515-x, somebody have idea for do that?</P> Tue, 12 Mar 2019 04:01:20 GMT https://community.cisco.com/t5/network-security/how-to-block-https-sites-with-asa-5515/m-p/2481857#M267900 Shakespeare Rodas 2019-03-12T04:01:20Z https://community.cisco.com/t5/network-security/how-to-block-https-sites-with-asa-5515/m-p/2481858#M267901 <P>The default behavior of an ASA is to allow all traffic from more secure (Inside) to less secure (Outside) interfaces. If you want to change that then add an access-list.</P><P>The problem is that most - but not all - sites use tcp/443 for https. So while a simple deny tcp/443 followed by a permit any (required because once you put and access control list entry on an interface, an implicit "deny any" is added to the end of the list) will catch most of the https, it won't catch it all.</P><P>But if that suffices for your purposes go for it.</P> Tue, 01 Apr 2014 20:37:23 GMT https://community.cisco.com/t5/network-security/how-to-block-https-sites-with-asa-5515/m-p/2481858#M267901 Marvin Rhoads 2014-04-01T20:37:23Z