852 Views · 10 Helpful · 3 Replies

deny internet access on our domain controller

VOLUS (Level 1)

I have installed Firepower on my ASA 5516 as an SFR module.

I am using ASDM to manage rules.

Any idea how to block internet access on my domain controller? Please note that this domain controller is the DNS server.

I tried deny any any on the DC's IP addresses, then I allowed port 53, and it didn't work.

1 Accepted Solution (the reply signed KB, below)

3 Replies

balaji.bandi (Hall of Fame)

Is this FW also facing the Internet, and do you do NAT?

On your DC DNS server, what external DNS server is configured?

So your rule should allow:

Source: your local DNS

Destination: 8.8.8.8, 4.4.4.4

Service: 53, allow.

Example:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/firewall/asa-914-firewall-config/access-umbrella.html

BB


Hello,

Can you please share the config from Firepower and not ASA, as I redirected all traffic to Firepower.

Check the configuration guide below.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/getting_started_with_access_control_policies.html

Make sure you are sending all traffic via the FP module using the ASA service policy.

Please rate this and mark as solution/answer if this resolved your issue.
Good luck
KB
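What "sending all traffic via the FP module using the ASA service policy" looks like on the ASA CLI, with the Firepower rule order from the earlier reply noted alongside it; this is an added illustration, not configuration from this thread or from Cisco's guide, and the DC address 10.0.0.10 and the names sfr_redirect / sfr_class are assumed placeholders:

```text
! --- ASA side: redirect traffic to the SFR (FirePOWER) module ---
! Without this redirect the module never sees the DC's packets, so any
! allow/block rule written in the Firepower access control policy has no effect.
access-list sfr_redirect extended permit ip any any
!
class-map sfr_class
 match access-list sfr_redirect
!
policy-map global_policy
 class sfr_class
  sfr fail-open
!
service-policy global_policy global
!
! Verify that packets are actually being handed to the module:
!   show service-policy sfr
!
! --- Firepower side (configured in ASDM, not on the ASA CLI) ---
! Access control rules are evaluated top-down, so the DNS allow must sit
! ABOVE the block, otherwise the block matches first and DNS breaks.
! Assumed DC address: 10.0.0.10
!   Rule 1  Allow  src 10.0.0.10  dst 8.8.8.8, 4.4.4.4  ports UDP/TCP 53
!   Rule 2  Block  src 10.0.0.10  dst any
! Hosts other than the DC are not matched by rule 2 and fall through to the
! policy's default action.
```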