cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

329
Views
5
Helpful
6
Replies
Highlighted

ASA 5508X web filtering

Hi All,

 

I need to apply web filtering for a few users in ASA 5508(7.8) on subnet 192.1683.0.

 

like, from this subnet, few users should get access to Gmail only. another few users should get a complete block.

 

Please let me know the best way to achieve this.

 

I have firepower module.

 

Thanks

Krishna

6 REPLIES 6
Highlighted
Hall of Fame Guru

Re: ASA 5508X web filtering

Do you have the URL filtering license for your Firepower service module? That's a prerequisite to do this.

Do you know the IP addresses of the users you want to allow? You either need to know their IP addresses in advance or else have an external identity source like Cisco ISE or Firepower user agent to get that information dynamically by querying your Active Directory (AD) Domain Controllers (DCs).

Highlighted

Re: ASA 5508X web filtering

HI @Marvin Rhoads  Yes, we have a firepower module and a list of IP addresses of the users.

 

We simply want to create 2 objects with IP address and apply the filtering on them.

 

 

Highlighted
VIP Mentor

Re: ASA 5508X web filtering

Since you confirmed you have License for the SFR.

 

below Video should able to help you to start with for better understanding  :

 

http://www.labminutes.com/sec0170_asa_firepower_url_web_category_filtering_1

BB
*** Rate All Helpful Responses ***
Highlighted
Hall of Fame Guru

Re: ASA 5508X web filtering


@KrishnaTiwari8030 wrote:

HI @Marvin Rhoads  Yes, we have a firepower module and a list of IP addresses of the users.

 

We simply want to create 2 objects with IP address and apply the filtering on them.

 

 


You need more than just the module. You specifically need the URL Filtering license.

Highlighted

Re: ASA 5508X web filtering

HI @Marvin Rhoads   one more thing, I need to access ASA from the outside network, i.e public network over Https and SSH, how can I achieve this.

 

Thanks

Krishna

Highlighted
Hall of Fame Guru

Re: ASA 5508X web filtering

You control ASA management access with the http and ssh commands. It's not a good idea to allow public-facing access as it makes your device a more attractive target for malicious software (hackers, script kiddies etc.).

If you absolutely must (or don't care) then use the commands as follows:

http outside 0.0.0.0 0.0.0.0
ssh outside 0.0.0.0 0.0.0.0

That assumes the nameif of the public interface is "outside" and that you want to allow access from any address.