My organization has the requirement below, and was wondering if we can leverage the ASA with Botnet Traffic Filter:
Req:
For all external Internet flows that attempt to access a service inside the Company enclave, the system must police and filter the traffic based on the source domain (FQDN). For example, an external client on an external domain whose source IP address is "Ext.Source.IP" is going to internal server "Int.IP:serviceX", where the security device looks up (reverse DNS) the "Ext.Source.IP" to determine the domain from a local list (on the security device) of blacklisted or whitelisted domains in order to make the forwarding decision. If there is no match, then a list of blacklisted or whitelisted IP address(es) is used to make the determination to forward or block the data flow.
One concern is how big the buffering cost (delay, CPU, memory) incurred while doing the "transaction" is. Any thoughts and usage experience are greatly appreciated.
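As an added example (not from the original post, and not Cisco ASA or Botnet Traffic Filter code), the Python below walks through the decision order the requirement describes, using constructed PTR and A records in place of live DNS so it runs offline. The forward-confirmation step (only trusting a PTR name that resolves back to the same IP, since the PTR zone is controlled by whoever holds the source address space), deny-before-allow ordering and default-deny are my assumptions, not part of the stated requirement.

```python
import ipaddress
from typing import Optional

# Constructed sample DNS data (not from the post) standing in for live lookups.
PTR_RECORDS = {
    "203.0.113.10": "mail.partner.example",
    "198.51.100.7": "scan.badguys.example",
}
# Forward (A) records used for forward-confirmed reverse DNS (assumption):
# a PTR name is only trusted if it resolves back to the querying IP.
A_RECORDS = {
    "mail.partner.example": {"203.0.113.10"},
    "scan.badguys.example": {"192.0.2.99"},   # PTR does not round-trip
}
DOMAIN_ALLOW = {"partner.example"}
DOMAIN_DENY = {"badguys.example"}
IP_ALLOW = [ipaddress.ip_network("203.0.113.0/24")]
IP_DENY = [ipaddress.ip_network("198.51.100.0/24")]


def reverse_lookup(ip: str) -> Optional[str]:
    """Return the PTR name for ip, or None when there is no record."""
    return PTR_RECORDS.get(ip)


def forward_confirmed(ip: str, name: str) -> bool:
    """True only if the PTR name's A records include the original IP."""
    return ip in A_RECORDS.get(name, set())


def domain_matches(name: str, domains: set) -> bool:
    """Match on label boundaries, so 'partner.example' covers 'mail.partner.example'."""
    labels = name.lower().split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def decide(src_ip: str) -> str:
    """Return 'permit' or 'deny' for an inbound flow from src_ip."""
    name = reverse_lookup(src_ip)
    if name and forward_confirmed(src_ip, name):
        if domain_matches(name, DOMAIN_DENY):
            return "deny"
        if domain_matches(name, DOMAIN_ALLOW):
            return "permit"
    # No PTR, unconfirmed PTR, or no domain match: fall back to the IP lists.
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in IP_DENY):
        return "deny"
    if any(addr in net for net in IP_ALLOW):
        return "permit"
    return "deny"  # default-deny for inbound flows matching no list
```

Note that every reverse lookup adds a round trip before the forwarding decision, so a real deployment would cache results and bound the lookup timeout to keep the delay and CPU cost predictable.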