Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
1
Helpful
1
Replies

Working behaviour of Dns and Web policy

Go to solution
sv7
Level 3
Level 3

‎05-12-2023 12:52 AM

Hi all,

My organisation needs to create an DNS policy where all the domains (except porn or terrioism) will be allowed and in Web Policy restriction will be configured like below example

IN DNS POLICY (Allowed domains)

Cisco.com, facebook.com, google.com will be allowed

IN WEB POLICY (blocked urls)

cisco.com/login, facebook.com/chat, google.com/mail will be blocked.

Please help me will it work as per stated above or anything else needs to do to achieve the requirement

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aaragonb
Cisco Employee
Cisco Employee

‎05-12-2023 02:07 AM

Requirements:

  • DNS policy:
  • Content categories to block: Pornography, Terrorism
  • - Allow list: cisco.com, facebook.com, google.com
  • WEB policy:
  • - Destination list (to block): cisco.com/login, facebook.com/chat, google.com/mail

Results:

(Testing using a W10 with AC)

Test 1: Porn category: http://www.exampleadultsite.com – blocked:

aaragonb_0-1683882160149.png

 

Test 2: cisco.com – allowed:

aaragonb_1-1683882160154.png

 

Test 3: cisco.com/login – blocked:

aaragonb_2-1683882160156.png

 

Test 4: google.com/mail – blocked:

aaragonb_3-1683882160157.png

 

 

Test 5: google.com – allowed:

aaragonb_4-1683882160159.png

It works and achieves the requirements.
Note: HTTPS Inspection needs to be enabled on the Web Policy.

 

 

View solution in original post

1 Reply 1

Go to solution
aaragonb
Cisco Employee
Cisco Employee

‎05-12-2023 02:07 AM

Requirements:

  • DNS policy:
  • Content categories to block: Pornography, Terrorism
  • - Allow list: cisco.com, facebook.com, google.com
  • WEB policy:
  • - Destination list (to block): cisco.com/login, facebook.com/chat, google.com/mail

Results:

(Testing using a W10 with AC)

Test 1: Porn category: http://www.exampleadultsite.com – blocked:

aaragonb_0-1683882160149.png

 

Test 2: cisco.com – allowed:

aaragonb_1-1683882160154.png

 

Test 3: cisco.com/login – blocked:

aaragonb_2-1683882160156.png

 

Test 4: google.com/mail – blocked:

aaragonb_3-1683882160157.png

 

 

Test 5: google.com – allowed:

aaragonb_4-1683882160159.png

It works and achieves the requirements.
Note: HTTPS Inspection needs to be enabled on the Web Policy.

 

 

Customers Also Viewed These Support Documents