Solved: Working behaviour of Dns and Web policy - Cisco Community

745

Views

1

Helpful

1

Replies

Hi all,

My organisation needs to create an DNS policy where all the domains (except porn or terrioism) will be allowed and in Web Policy restriction will be configured like below example

IN DNS POLICY (Allowed domains)

Cisco.com, facebook.com, google.com will be allowed

IN WEB POLICY (blocked urls)

cisco.com/login, facebook.com/chat, google.com/mail will be blocked.

Please help me will it work as per stated above or anything else needs to do to achieve the requirement

1 Accepted Solution

Accepted Solutions

Requirements:

DNS policy:
- Content categories to block: Pornography, Terrorism
- Allow list: cisco.com, facebook.com, google.com
WEB policy:
- Destination list (to block): cisco.com/login, facebook.com/chat, google.com/mail

Results:

(Testing using a W10 with AC)

Test 1: Porn category: http://www.exampleadultsite.com – blocked:

Test 2: cisco.com – allowed:

Test 3: cisco.com/login – blocked:

Test 4: google.com/mail – blocked:

Test 5: google.com – allowed:

It works and achieves the requirements.
Note: HTTPS Inspection needs to be enabled on the Web Policy.

View solution in original post

1 Reply 1

Requirements:

DNS policy:
- Content categories to block: Pornography, Terrorism
- Allow list: cisco.com, facebook.com, google.com
WEB policy:
- Destination list (to block): cisco.com/login, facebook.com/chat, google.com/mail

Results:

(Testing using a W10 with AC)

Test 1: Porn category: http://www.exampleadultsite.com – blocked:

Test 2: cisco.com – allowed:

Test 3: cisco.com/login – blocked:

Test 4: google.com/mail – blocked:

Test 5: google.com – allowed:

It works and achieves the requirements.
Note: HTTPS Inspection needs to be enabled on the Web Policy.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community