cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

3877
Views
18
Helpful
7
Replies
Beginner

FirePOWER URL Blocking

Question,

Is it possible to setup FireSIGHT URL policy to block Facebook, but allow http://facebook.com/mycompany

We have a client who is looking for this feature.

Thank You

Sylwia

7 REPLIES 7
Cisco Employee

Hi Sylwia, Yes, you can do

Hi Sylwia,

 

Yes, you can do that. You need to select action as Block or Block reset when you create an access rule and change the settings using HTTP Responses tab to custom while creating the policy. But this is only for HTTP websites.

Thanks,

 

Dinkar

 

Engager

hi,facebook uses HTTPS and

hi,

facebook uses HTTPS and would need a decryption engine like a dedicated firepower appliance.

the ASA firepower module doesn't have this capability.

i've tried to block facebook on our ASA firepower module but didn't work.

Cisco Employee

It blocks HTTPS based on

It blocks HTTPS based on Server name Identifier (SNI) or common name from certificate filed. But it won't send you the block page as HTTPS, we don't see HTTP get request and can not spoof it.

 

Thanks,

 

Dinkar

Hall of Fame Guru

Right - even with a hardware

Right - even with a hardware appliance and https decryption policy we cannot send a block page for https sites. We can only block the site silently (reset the connection).

I tried this with an AMP 8150 and confirmed with TAC that the block page function is not available for https - even with a decryption policy and trusted certificate issued from an internal PKI on the appliance..

Engager

hi,i just tried this and i

hi,

i just tried this and i can block facebook using the URL blocking policy.

i was doing application blocking earlier and somehow facebook gets through.

Highlighted
Cisco Employee

If you were using application

If you were using application and URL in the same rule then it won't work and will allow the URL. That's because the rule has to match the and condition. It has to match the application and URL. In your case it will never match the application because traffic is encrypted and device won't be identify the application. So it goes to the next rule or default rule.

Even if you have SSL decryption policy it will still allow some packets, that's because device will require some packets to identify the actual application used by the client.

So you need to be very careful when you are creating your policies.

 

Thanks,

Dinkar

 

Beginner

Thank You everyone for the

Thank You everyone for the follow up, but now im confused,

I know becasue it works right now, I can block either

http://facebook.com or applicaiton based facebook

what im trying to accomplish is to allow

url facebook.com/mycompany = which allows users to get to clients facebook company page and block everything else on facebook afterwards..

Ive setup 3 D-Cloud demos and my own lab and 2 TAC cases, and no anwser yet.

seeing if anyone in community has ever seen this or even tried something like this.

Thank You again

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here