10-06-2019 01:05 AM
There have been problems with ransomware sites.
We have a list of site IP addresses that cause problems, so that is easy to add to a blacklist group,
but some locations are only known by their FQDN from certain domain servers,
so we blocked that domain server as well as the FQDN for the server.
So we note that when the ASA tries to get the IP address,
it talks to our internal DNS, which in turn tries Google and Telstra, which in turn come back with failure for that FQDN,
but then it tries the blocked DNS server continually because it never gets a response, and the ASA keeps asking.
It is doing its job OK; the bad sites are blocked.
So my question is: is there a better way so the ASA does not keep trying?
10-06-2019 02:18 AM
10-06-2019 04:23 AM
Mohammed,
Thanks for the response, I will check this out
10-06-2019 02:51 AM
Is it the ASA itself that is trying to reach the blocked domains or hosts behind the ASA?
The best option here would be to invest in Umbrella / OpenDNS to do URL filtering, or a firewall, such as FTD with FMC, that also supports URL filtering. That way you do not need to manually update URLs or IPs in the ASA firewall rules; this is done for you.
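As an added example (not code from this thread or from Cisco), one way to answer the question above about whether it is the ASA or hosts behind it doing the repeated lookups: a Python script that parses BIND9-style query-log lines from the internal DNS server and flags any client that asks for a blocked FQDN repeatedly inside a sliding time window. The log lines, IP addresses (10.0.0.1 as the ASA, 10.0.0.25 as a LAN host, 10.0.0.53 as the internal DNS) and the blocked name are all constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed BIND9-style query-log lines (not from the thread). 10.0.0.1 plays
# the ASA's inside interface, 10.0.0.25 a LAN host, 10.0.0.53 the internal DNS.
SAMPLE_LOG = """\
06-Oct-2019 01:00:00.100 client 10.0.0.1#40001 (bad.example.test): query: bad.example.test IN A + (10.0.0.53)
06-Oct-2019 01:00:05.200 client 10.0.0.25#51000 (bad.example.test): query: bad.example.test IN A + (10.0.0.53)
06-Oct-2019 01:00:10.100 client 10.0.0.1#40002 (bad.example.test): query: bad.example.test IN A + (10.0.0.53)
06-Oct-2019 01:00:20.100 client 10.0.0.1#40003 (bad.example.test): query: bad.example.test IN A + (10.0.0.53)
06-Oct-2019 01:00:25.300 client 10.0.0.1#40004 (good.example.test): query: good.example.test IN A + (10.0.0.53)
06-Oct-2019 01:00:30.100 client 10.0.0.1#40005 (bad.example.test): query: bad.example.test IN A + (10.0.0.53)
06-Oct-2019 01:20:00.100 client 10.0.0.1#40006 (bad.example.test): query: bad.example.test IN A + (10.0.0.53)
"""
BLOCKED_FQDNS = {"bad.example.test"}  # placeholder for the thread's own blocked-FQDN list
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@\S+ )?(?P<ip>[\d.]+)#\d+ \(\S+\): "
    r"query: (?P<qname>\S+) IN \w+")
TS_FMT = "%d-%b-%Y %H:%M:%S.%f"

def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["ip"], m["qname"].rstrip(".").lower()

def repeated_blocked_lookups(log_text, blocked, window=timedelta(minutes=5), threshold=3):
    """Map (client_ip, qname) -> most queries for a blocked name that the client
    sent inside any single `window`; only pairs reaching `threshold` are kept.
    The sliding window keeps slow, normal re-resolution from counting as a loop."""
    times_by_key = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in blocked:
            continue
        ts, ip, qname = rec
        times_by_key.setdefault((ip, qname), []).append(ts)
    hits = {}
    for key, times in times_by_key.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[key] = best
    return hits
```

On the sample data only the ASA's address is flagged (four lookups of the blocked name inside five minutes), while the single query from the LAN host and the lookup of a non-blocked name are ignored.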