I need to apply web filtering for a few users in ASA 5508(7.8) on subnet 192.1683.0.
like, from this subnet, few users should get access to Gmail only. another few users should get a complete block.
Please let me know the best way to achieve this.
I have firepower module.
Do you have the URL filtering license for your Firepower service module? That's a prerequisite to do this.
Do you know the IP addresses of the users you want to allow? You either need to know their IP addresses in advance or else have an external identity source like Cisco ISE or Firepower user agent to get that information dynamically by querying your Active Directory (AD) Domain Controllers (DCs).
HI @Marvin Rhoads Yes, we have a firepower module and a list of IP addresses of the users.
We simply want to create 2 objects with IP address and apply the filtering on them.
Since you confirmed you have License for the SFR.
below Video should able to help you to start with for better understanding :
HI @Marvin Rhoads one more thing, I need to access ASA from the outside network, i.e public network over Https and SSH, how can I achieve this.
You control ASA management access with the http and ssh commands. It's not a good idea to allow public-facing access as it makes your device a more attractive target for malicious software (hackers, script kiddies etc.).
If you absolutely must (or don't care) then use the commands as follows:
http outside 0.0.0.0 0.0.0.0 ssh outside 0.0.0.0 0.0.0.0
That assumes the nameif of the public interface is "outside" and that you want to allow access from any address.