deny internet access on our domain controller

VOLUS
Level 1

I have installed Firepower on my ASA 5516 as an SFR module.

I am using ASDM to manage rules.

Any idea how to block internet access on my domain controller? Please note that this domain controller is the DNS server.

I tried deny any any on the DCs' IP addresses, then I allowed port 53, and it didn't work.

1 Accepted Solution

Check the configuration guide below.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/getting_started_with_access_control_policies.html

Make sure you are sending all traffic via the FP module using the ASA service policy.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB


3 Replies

balaji.bandi
Hall of Fame

Is this FW also facing the Internet, and do you do NAT?

On your DC DNS server, what external DNS server is configured?

So your rule should allow:

Source: your local DNS

Destination: 8.8.8.8 4.4.4.4

Service 53, allow.

Example:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/firewall/asa-914-firewall-config/access-umbrella.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
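The rule from the reply above, modelled as an added example (not code from the thread or from Cisco): Firepower access control rules are checked top-down and the first matching allow or block rule decides, so the DNS exception for the DC has to sit above the rule that blocks the DC. The DC address, rule names and test flows are constructed, 8.8.8.8 is the resolver named in the reply, and the block-first ordering is an assumed reading of what the question describes.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "block"
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    proto: str = "any"   # "tcp", "udp" or "any"
    port: int = 0        # destination port, 0 = any

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (0, port))

def evaluate(policy, src, dst, proto, port, default="block"):
    """Return (action, rule name) of the first matching rule, top-down."""
    for rule in policy:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return default, "default-action"

DC = "10.0.0.10/32"        # constructed domain controller address
FORWARDER = "8.8.8.8/32"   # external resolver named in the reply
ANY = "0.0.0.0/0"          # stands in for the outside/Internet zone

# DNS falls back to TCP for large answers, so both transports are allowed.
ALLOW_DNS = [Rule("dc-dns-udp", "allow", DC, FORWARDER, "udp", 53),
             Rule("dc-dns-tcp", "allow", DC, FORWARDER, "tcp", 53)]
BLOCK_DC = Rule("dc-block-internet", "block", DC, ANY)

BLOCK_FIRST = [BLOCK_DC, *ALLOW_DNS]   # assumed ordering from the question
ALLOW_FIRST = [*ALLOW_DNS, BLOCK_DC]   # DNS exception above the block

# Constructed test flows leaving the DC.
FLOWS = {"dns-udp":   ("10.0.0.10", "8.8.8.8", "udp", 53),
         "dns-tcp":   ("10.0.0.10", "8.8.8.8", "tcp", 53),
         "dns-other": ("10.0.0.10", "198.51.100.53", "udp", 53),
         "https":     ("10.0.0.10", "203.0.113.20", "tcp", 443)}

def report(policy):
    """Map each test flow to the action the policy takes on it."""
    return {name: evaluate(policy, *flow)[0] for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, policy in (("block first", BLOCK_FIRST), ("allow first", ALLOW_FIRST)):
        print(label, report(policy))
```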

Hello,

Can you please share the config from Firepower and not the ASA, as I redirected all traffic to Firepower?
