Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2269
Views
5
Helpful
6
Replies

ASA 5508X web filtering

Kt43387
Level 1
Level 1

‎06-30-2020 03:21 AM

Hi All,

 

I need to apply web filtering for a few users in ASA 5508(7.8) on subnet 192.1683.0.

 

like, from this subnet, few users should get access to Gmail only. another few users should get a complete block.

 

Please let me know the best way to achieve this.

 

I have firepower module.

 

Thanks

Krishna

Labels:
0 Helpful
6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-30-2020 03:38 AM

Do you have the URL filtering license for your Firepower service module? That's a prerequisite to do this.

Do you know the IP addresses of the users you want to allow? You either need to know their IP addresses in advance or else have an external identity source like Cisco ISE or Firepower user agent to get that information dynamically by querying your Active Directory (AD) Domain Controllers (DCs).

Kt43387
Level 1
Level 1
In response to Marvin Rhoads

‎06-30-2020 03:47 AM

HI @Marvin Rhoads  Yes, we have a firepower module and a list of IP addresses of the users.

 

We simply want to create 2 objects with IP address and apply the filtering on them.

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Kt43387

‎06-30-2020 04:20 AM

Since you confirmed you have License for the SFR.

 

below Video should able to help you to start with for better understanding  :

 

http://www.labminutes.com/sec0170_asa_firepower_url_web_category_filtering_1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Kt43387

‎06-30-2020 05:04 AM

@Kt43387 wrote:

HI @Marvin Rhoads  Yes, we have a firepower module and a list of IP addresses of the users.

 

We simply want to create 2 objects with IP address and apply the filtering on them.

 

 

You need more than just the module. You specifically need the URL Filtering license.

0 Helpful

Kt43387
Level 1
Level 1
In response to Marvin Rhoads

‎07-01-2020 11:04 PM

HI @Marvin Rhoads   one more thing, I need to access ASA from the outside network, i.e public network over Https and SSH, how can I achieve this.

 

Thanks

Krishna

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Kt43387

‎07-02-2020 01:01 AM

You control ASA management access with the http and ssh commands. It's not a good idea to allow public-facing access as it makes your device a more attractive target for malicious software (hackers, script kiddies etc.).

If you absolutely must (or don't care) then use the commands as follows:

http outside 0.0.0.0 0.0.0.0
ssh outside 0.0.0.0 0.0.0.0

That assumes the nameif of the public interface is "outside" and that you want to allow access from any address.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card