ASA-CX blocking Facebook apps... with https://?

Javier Aquino · ‎02-13-2013

Hello pro's

I've been playing around with the ASA-CX capability of blocking URLs or Facebook photos or games through policies. It works like a charm, but I encountered issues when I was using https; my policies stopped working. Also I was not seeing reports of the URLs I accessed using a secure connection (https)

However, after I enabled Decryption (Device->Decryption->Enable Decryption policies) I started seeing the reports of the URLs but still my policies are not working. The feature of blocking only certain apps or activities inside a web that could be perfectly used for business (such as facebook) is excelent, but if the users can go around as easily as using https, I don't see the point. I am sure I am missing some configuration steps... Could anybody please shed some light on this?

Thanks in advance!

Javier Aquino · ‎03-05-2013

Just updating...

I was not able to play with the Demo, but I figured out that I needed to first configure decrypting policies, then accept the ASA CX certificate on the client machine...

Unfortunately I had no more time to check it, I had to give the borrowed ASA back.

Fadil Kadrat · ‎11-03-2013

As initial action plan :

- you need to configure a URL object for Facebook if it was not configured :

- Enable Decryption policy , Device à Decryption and configure a certificate , either a self-signed one or import one.

- Then need to configure the Decryption policy for Facebook :

1. Policy to deny Facebook under Access section :

2. Policy Under decryption section :

Please let me know if you have any questions or concners