10-03-2012 12:46 PM - edited 03-11-2019 05:03 PM
Hi all,
I have an ASA 5510; it does web filtering using regular expressions. (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml)
I block "\.facebook\.com" and it was successful. But somehow other users are using HTTPS to access FB.
Any ideas on how I can filter HTTPS?
Labels: NGFW Firewalls
Accepted Solutions
10-03-2012 11:36 PM
Yes, to filter based on FQDN you need at least version 8.4(2). But be aware of the increased memory requirements starting with version 8.3: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html#wp454755
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

10-03-2012 03:04 PM
I'm afraid this is not possible with the ASA; since the connection is encrypted, the ASA cannot inspect it.
You would need a different solution like Websense.
Regards,
Felipe.
10-03-2012 03:34 PM
If you are running 8.4, then you can filter that in your ACL based on FQDN: https://supportforums.cisco.com/docs/DOC-17014
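A minimal sketch of the FQDN-based ACL approach suggested in the reply above, for ASA 8.4(2) or later; this is an added example, not part of the original post. The DNS server address, interface names, object names and ACL name are constructed placeholders.

```cisco
! Constructed values: DNS server 192.0.2.53, interfaces "inside"/"outside",
! object names OBJ-FB-WWW / OBJ-FB-APEX, ACL name INSIDE_IN.

! The ASA must resolve the names itself, so enable DNS lookups on the
! interface that reaches the resolver and point it at a DNS server.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53
!
! One network object per exact hostname; FQDN objects take no wildcards.
object network OBJ-FB-WWW
 fqdn www.facebook.com
object network OBJ-FB-APEX
 fqdn facebook.com
!
! Deny HTTPS to the resolved addresses, then permit everything else.
access-list INSIDE_IN extended deny tcp any object OBJ-FB-WWW eq https
access-list INSIDE_IN extended deny tcp any object OBJ-FB-APEX eq https
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
!
! Verification: "show dns" lists the addresses the ASA has resolved for
! each FQDN; "show access-list INSIDE_IN" shows the expanded entries and
! their hit counts.
```

FQDN objects match only the exact hostnames listed, as resolved by the ASA's own DNS lookups, so unlike the `\.facebook\.com` regex they do not cover arbitrary subdomains. Clients should use the same resolver as the ASA, otherwise they may receive addresses the ACL has not learned.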
10-03-2012 06:40 PM
Currently I'm using ASA Version 8.0(3). Does it mean I need to upgrade the firmware to 8.4, and then I will be able to perform the HTTPS filtering as you describe above?
12-11-2012 08:12 PM
OK tq,
I will try and see the result.
