cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3560
Views
0
Helpful
4
Replies

Is it possible to perform 'http to https' redirects from ASA ?

Zubair.Sayed_2
Level 1
Level 1

Hi all,

We recently had some penetration testing done on one of our servers (which has a public front end), and a major issue that was found is that users are able to authenticate without using HTTPS.

I know that we can configure http to https redirects on the server using IIS but we would like to try and get this redirected before the traffic gets to the server.

Browsing some past posts on the forum I found this:

"The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee)."

Is it possible to redirect traffic at the ASA as we do not have a websense or smartfilter server in place?

Thanks

Z

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

No, unfortunately this is not supported feature on the ASA. You might want to perform the redirection on the server itself.

Also, in regards to the statement: "The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee).", this is to actually redirect all HTTP/HTTPS traffic to an external URL filtering server to perform URL filtering, so it's not the redirect feature that you are after.

View solution in original post

4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

No, unfortunately this is not supported feature on the ASA. You might want to perform the redirection on the server itself.

Also, in regards to the statement: "The ASA can only redirect HTTP/HTTPs traffic to a websense or secure computing smartfilter (owned by McAfee).", this is to actually redirect all HTTP/HTTPS traffic to an external URL filtering server to perform URL filtering, so it's not the redirect feature that you are after.

Jennifer,

Thank you for clearing this up.

Much appreciated.

Zubair

if you want to do something like this, get a real firewall like Checkpoint or Juniper

Nice one David,  

Strange though why Cisco has not built these features in the ASA's........

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: