01-11-2023 12:03 PM
My organization has two Cisco FTD 1140s managed by an FMC. Both are running version 7.0.4. Is there any way possible to block Windows 7 PCs that are connected to my inside interface from connecting to the internet?
01-11-2023 12:42 PM
YES / NO
YES - if you know the user has a fixed IP and the user logs in to the network with any user identity
NO - if you do know the PC IP address and the user is coming from a known user ID?
Or are you looking at whether the operating system is Windows 7? You would like to block it?
01-11-2023 12:55 PM
Thanks for the quick reply balaji. Can you elaborate or get me started looking in a direction as far as commands go?
01-11-2023 02:12 PM
Not sure I have got an answer from you:
Are you looking at whether the operating system is Windows 7? You would like to block it?
01-11-2023 01:48 PM
With only the FTD you will not be able to block devices based on operating system information. You would need to implement an identity access management system, like ISE, to be able to do this.
You can, however, integrate the FTD with Active Directory or LDAP and deny access based on user info. So if you know a specific user has a Windows 7 machine, you could deny that person reaching the internet. But in this case you would also be denying this person access to the internet from all machines they log onto with that username.
01-11-2023 02:11 PM - edited 01-11-2023 02:15 PM
https://rayka-co.com/lesson/cisco-ftd-network-discovery-policy/
As I know, you have a network discovery policy; check this solution.
https://www.youtube.com/watch?v=KkNT9FHcTZE
The video shows you how FTD can detect the OS of a host.