Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2965
Views
25
Helpful
10
Replies

Block URLs using ASDM

Go to solution
wynneitmgr
Level 3
Level 3

‎06-15-2021 05:01 AM

I would like to use ASDM to block my users from accessing certain websites. I am using ASDM 7.9 on ASA 5508. For instance, a url like Facebook, has multiple IP addresses. Any suggestions? Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to wynneitmgr

‎06-15-2021 05:56 AM

@wynneitmgr 

There would be cost involved in the proxies I was thinking of, such as Cisco WSA or Cisco Umbrella SWG.

View solution in original post

10 Replies 10

Go to solution
Rob Ingram
VIP
VIP

‎06-15-2021 05:05 AM

Hi @wynneitmgr 

You could try using FQDNs in the access-list, example:-

 

https://community.cisco.com/t5/security-documents/using-hostnames-dns-in-access-lists-configuration-steps-caveats/ta-p/3123480

 

....but a proper web proxy would be a better solution than doing this on the ASA.

 

 

Go to solution
wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎06-15-2021 05:11 AM

@Rob Ingram 

So setting up a web proxy is a better way to block websites? I will try that.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to wynneitmgr

‎06-15-2021 05:17 AM

@wynneitmgr Yes, much more features than an ASA. Alternatively if you were running FTD software (instead of ASA) with the URL filtering license, you'd be able to better filter traffic based on the URL, but less features than a dedicated web proxy.

Go to solution
wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎06-15-2021 05:18 AM

@Rob Ingram 

So are you suggesting something different then just editing the Hosts file with URLs that I want to block?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to wynneitmgr

‎06-15-2021 05:32 AM

I was never suggesting editing host files to block the URLs.

If you just want to block facebook, you can use any of the options suggested....however a web proxy is probably a better solution, imo.

Go to solution
wynneitmgr
Level 3
Level 3
In response to Rob Ingram

‎06-15-2021 05:39 AM

@Rob Ingram 

Thanks for the clarification. I guess I am not familiar with setting up a web proxy. I will have to do some research on how to do that. Do you know if there is any good documentation online that I can read? Thanks!!

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to wynneitmgr

‎06-15-2021 05:56 AM

@wynneitmgr 

There would be cost involved in the proxies I was thinking of, such as Cisco WSA or Cisco Umbrella SWG.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-15-2021 05:05 AM

check the information help you :  ( what model of ASA , do you have IPS module ?)

 

https://community.cisco.com/t5/security-documents/asa-url-filtering-via-asdm/ta-p/3120314

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
wynneitmgr
Level 3
Level 3
In response to balaji.bandi

‎06-15-2021 05:11 AM

@balaji.bandi 

I have an ASA 5508 with ASDM 7.9

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to wynneitmgr

‎06-16-2021 02:36 AM

as per the thread this was resolved i guess it was marked as solution, or any further assistance required here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card