02-13-2013 01:38 PM - edited 03-11-2019 06:00 PM
Hello pro's
I've been playing around with the ASA-CX capability of blocking URLs or Facebook photos or games through policies. It works like a charm, but I encountered issues when I was using https; my policies stopped working. Also I was not seeing reports of the URLs I accessed using a secure connection (https)
However, after I enabled Decryption (Device->Decryption->Enable Decryption policies) I started seeing the reports of the URLs but still my policies are not working. The feature of blocking only certain apps or activities inside a web that could be perfectly used for business (such as facebook) is excelent, but if the users can go around as easily as using https, I don't see the point. I am sure I am missing some configuration steps... Could anybody please shed some light on this?
Thanks in advance!
03-05-2013 09:11 AM
Just updating...
I was not able to play with the Demo, but I figured out that I needed to first configure decrypting policies, then accept the ASA CX certificate on the client machine...
Unfortunately I had no more time to check it, I had to give the borrowed ASA back.
11-03-2013 09:15 PM
As initial action plan :
- you need to configure a URL object for Facebook if it was not configured :
- Enable Decryption policy , Device à Decryption and configure a certificate , either a self-signed one or import one.
- Then need to configure the Decryption policy for Facebook :
1. Policy to deny Facebook under Access section :
2. Policy Under decryption section :
Please let me know if you have any questions or concners
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide