Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1621
Views
0
Helpful
5
Replies

ASA webfilter using regex

Go to solution
Mohd Khairul Nizam
Level 8
Level 8

‎10-03-2012 12:46 PM - edited ‎03-11-2019 05:03 PM

Hi all,

I have a ASA 5510, it does webfilter using regular expression. (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml)

I block "\.facebook\.com" and it was successfull. But somehow other users is using https to access to FB.

Any ideas on how do i filter HTTPS?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Mohd Khairul Nizam

‎10-03-2012 11:36 PM

yes, to filter based on fqdn you need at least version 8.4(2). But be aware of the increased memory-requirements starting with version 8.3: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html#wp454755

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
lcambron
Level 9
Level 9

‎10-03-2012 03:04 PM

Im afraid this is not possible with the ASA, since the connection is encrypted, the ASA cannot inspect it.

You would need a different solution like websense.

Regards,

Felipe.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎10-03-2012 03:34 PM

If you are runing 8.4, then you can filter that in your ACL based on FQDN: https://supportforums.cisco.com/docs/DOC-17014

Sent from Cisco Technical Support iPad App

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful

Go to solution
Mohd Khairul Nizam
Level 8
Level 8
In response to Karsten Iwen

‎10-03-2012 06:40 PM

currently I'm using ASA Version 8.0(3). Does it mean i need to upgrade the firmware to 8.4 then I able to perform the https filter as you describe above??

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Mohd Khairul Nizam

‎10-03-2012 11:36 PM

yes, to filter based on fqdn you need at least version 8.4(2). But be aware of the increased memory-requirements starting with version 8.3: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html#wp454755

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful

Go to solution
Mohd Khairul Nizam
Level 8
Level 8
In response to Karsten Iwen

‎12-11-2012 08:12 PM

OK tq,

I will try and see the result.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card