https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247701#M859034 <HTML><HEAD></HEAD><BODY><P>Yes, it can, if you know the IP address via an acl. Besides that if you want to block based on content then, you need websense or n2h2.</P><P></P><P>You can read here:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/filter_f.html#wp1042319" target="_blank">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/filter_f.html#wp1042319</A></P></BODY></HTML> Sun, 28 Jun 2009 16:56:46 GMT Kureli Sankar 2009-06-28T16:56:46Z https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247700#M859033 <P>Hi everyone,</P><P></P><P> Does the FWSM can be used to block specific websites? If yes, kindly send me the link so I can study it. </P><P></P><P>Appreciate your help. Thanks in advance.</P><P></P><P>regards,</P><P>Gagamboy</P> Wed, 13 Mar 2019 00:59:18 GMT https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247700#M859033 gagamboy15 2019-03-13T00:59:18Z https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247701#M859034 <HTML><HEAD></HEAD><BODY><P>Yes, it can, if you know the IP address via an acl. Besides that if you want to block based on content then, you need websense or n2h2.</P><P></P><P>You can read here:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/filter_f.html#wp1042319" target="_blank">http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/filter_f.html#wp1042319</A></P></BODY></HTML> Sun, 28 Jun 2009 16:56:46 GMT https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247701#M859034 Kureli Sankar 2009-06-28T16:56:46Z https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247702#M859036 <HTML><HEAD></HEAD><BODY><P>Thanks for the info Kusankar.</P><P></P><P>One question, I am using a proxy server, so how can I block specific URLs? I thinks it should be incoming via ACL or FWSM?</P><P></P><P>Sorry I did'nt have much idea on FWSM. Thanks in advance.</P></BODY></HTML> Sun, 28 Jun 2009 17:33:06 GMT https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247702#M859036 gagamboy15 2009-06-28T17:33:06Z https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247703#M859039 <HTML><HEAD></HEAD><BODY><P>The FWSM needs acl applied on all interfaces for traffic to flow.</P><P></P><P>It doesn't matter if you are using a proxy server. If you can resolve the name of the website to an IP address (hope that doesn't change) you can add a deny for this destination ip address on the FWSM interface that is facing the proxy server.</P><P></P><P>ex:</P><P></P><P>proxy ip 10.10.10.1--vlan10--FWSM---vlan20-Internet website (192.168.1.1)</P><P></P><P>I am using private addresses here:</P><P></P><P>you would add an acl to the access-list applied on vlan10.</P><P></P><P>access-list vlan10-in deny tcp host 10.10.10.1 host 192.168.1.1 eq 80</P><P>access-list vlan10-in permmit tcp host 10.10.10.1 any eq 80</P><P></P><P>access-g vlan10-in in int vlan10</P><P></P><P></P><P>You are denying the flow and then permitting the rest.</P><P></P><P></P></BODY></HTML> Sun, 28 Jun 2009 22:46:56 GMT https://community.cisco.com/t5/network-security/blocking-websites-using-fwsm/m-p/1247703#M859039 Kureli Sankar 2009-06-28T22:46:56Z