Block DNS over HTTPS requests in Firepower

Shocksmith
Level 1

Hi,


We have a number of 5506-X devices licensed for URL, IPS, and Malware filtering on the Firepower Module. These are installed in an education setting and therefore it is critical that certain content is blocked for the children using the network. We have discovered today that a certain user has been able to access pornographic thumbnail images from Google searches due to the fact that Google Chrome is set to use Secure DNS (DNS over HTTPS) on their device on a public/BYOD network.


What is the best way to prevent users from attempting to use DNS over HTTPS on the Firepower module, and enforce standard DNS requests? We are using ASDM on this device and have no FMC.


Any ideas or suggestions would be gratefully received.


Thanks,

Accepted Solution

rschlayer
Level 4

You could try blocking the Application "DNS over HTTPs" or "DNS over TLS".

Worked in my lab just fine; this is FTD 6.7.0.1 managed by FMC, though.

(attachments: acl.png, log.png)

BR
Rick


3 Replies

Thanks for the response Rick. I actually found this option when looking at this last week but forgot to update the thread. 

To confirm, this can be blocked using an application rule in ASDM.

Marvin Rhoads
Hall of Fame

What @rschlayer said - that's the best option you have with the setup you've described. The application blocking settings should be available in the Firepower configuration section of ASDM.
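Added example, not from this thread or from Cisco: a small Python check you can run from a laptop on the public/BYOD network after the "DNS over HTTPS" application-block rule is in place. It builds an RFC 8484 DNS-over-HTTPS GET request the same way a browser's Secure DNS feature does and reports whether a public DoH resolver still answers, which tells you whether the rule is actually taking effect on that segment. The resolver URLs and the test name `example.com` are assumptions; substitute the resolvers your browsers default to.

```python
"""
Verification helper for a DoH-blocking rule (added example, not Cisco code).
Builds an RFC 8484 DNS-over-HTTPS request and checks whether a resolver still
answers from the network segment where this runs.
"""
import base64
import struct
import urllib.error
import urllib.request

# Assumption: the public DoH endpoints the browsers on your network default to.
DOH_RESOLVERS = [
    "https://dns.google/dns-query",
    "https://cloudflare-dns.com/dns-query",
]


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Return a minimal DNS wire-format query: ID 0, RD set, one question.
    RFC 8484 recommends ID 0 so the HTTP request is cache-friendly."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    question = qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def doh_get_url(resolver: str, name: str) -> str:
    """DoH GET form: the query goes base64url-encoded, padding stripped, in ?dns=."""
    b64 = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode()
    return f"{resolver}?dns={b64}"


def parse_answer_count(dns_message: bytes) -> int:
    """Read ANCOUNT (bytes 6-7 of the header); 0 if the message is too short."""
    if len(dns_message) < 12:
        return 0
    return struct.unpack("!H", dns_message[6:8])[0]


def doh_reachable(resolver: str, name: str = "example.com", timeout: float = 5.0) -> bool:
    """True if the resolver answered over DoH, i.e. the block is NOT effective
    from here. False on any failure (reset, timeout, non-DoH reply)."""
    req = urllib.request.Request(
        doh_get_url(resolver, name),
        headers={"Accept": "application/dns-message"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type", "")
            if ctype.startswith("application/dns-message"):
                return parse_answer_count(resp.read()) > 0
            return False
    except (urllib.error.URLError, OSError, ValueError):
        return False


if __name__ == "__main__":
    # Run from a client behind the Firepower module after applying the rule.
    for url in DOH_RESOLVERS:
        state = "REACHABLE (rule not effective)" if doh_reachable(url) else "blocked"
        print(f"{url}: {state}")
```

A "blocked" result for every resolver means the client is back to classic UDP/TCP 53 DNS, which the URL filtering can see; a "REACHABLE" line means the application rule is not matching that flow and the policy needs another look.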
