11-24-2018 08:58 PM - edited 03-12-2019 07:07 AM
With the ASA only, I can browse,
but after applying sfr, I cannot browse.
If it is a stateful firewall, do I need to allow
from outside port 443 to the inside private network or NAT address?
11-24-2018 10:37 PM
Hi,
Please create the redirection policy like below and try.
!
access-list sfr_redirect extended permit ip any any
!
class-map sfr
 match access-list sfr_redirect
!
policy-map global_policy
 class sfr
  sfr fail-open
!
service-policy global_policy global
HTH
Abheesh
11-25-2018 04:12 AM
This is permit all, will it have a security risk?
Because sfr is applied on outside too.
11-25-2018 06:33 AM
No, it's permitting all traffic to go via SFR for inspection. You can create block rules in SFR as well. All your other deny rules will work as per the ASA access list.
HTH
Abheesh
11-26-2018 04:59 AM
11-26-2018 01:11 AM
You have some very restrictive Deny statements in your Access Control Policy. It's very likely they are blocking the traffic.
11-26-2018 05:01 AM
12-27-2018 01:13 AM - edited 12-27-2018 01:19 AM
I succeeded in using firepower to browse the web
after removing the ASA access list in the console config
and then applying only firepower's own access list.
Countries allowed: United States, United Kingdom, France, Germany, Canada, Japan, Singapore, Taiwan.
It seems to fulfil the requirement of the content distribution network.
But I cannot access the amazon web and the amazon console app on iPhone.
12-27-2018 01:20 AM
12-27-2018 02:44 AM - edited 12-27-2018 02:44 AM
The first allow rule is DNS.
The second allow rule is http and https.
For the default IPS policy I use security over connectivity.
The applications allowed in the second rule are amazon and google.
Then the rest is blocked.
I did not block applications deliberately.
I think they are allowed in the second rule.
12-27-2018 02:48 AM
12-27-2018 04:07 AM
Amazon uses a content distribution network.
I shut down the firewall.
Maybe I will try it tomorrow.
It is not easy to tune and fit the optimal setting.
Are there any statistics commands for firepower in the ASA console?
When I try to classify traffic into countries,
I feel clumsy creating many of the same rule for just one country.
Where can I set the maximum connections in Firepower?
I want to narrow the connections to the two applications I currently use, Chrome and Mstsc Remote Desktop only.
Where can I filter Java in Firepower, and will it influence HSBC transactions on iPhone and notebook?
Actually I still have not tested stock trading or transferring money with Firepower. I am afraid of failure in part of the transactions because for applications I only chose amazon and google. What application should I choose for banking applications?
01-04-2019 03:03 AM
Today I tested again.
I changed to balanced security and connectivity,
then I removed all amazon and google applications in the access policy.
I succeeded in using the amazon console app on iPhone,
but cannot see the configuration page after logging in to the amazon cloud web on the notebook.
I succeeded in remote controlling the window of amazon cloud but had the connection cut several times before succeeding.
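The access policy described in the 12-27-2018 and 01-04-2019 posts, as an added example that is not part of the original thread and not Cisco's code: a simplified first-match model showing how an allow rule that combines port and application conditions treats HTTPS traffic that is not classified as one of the listed applications. The rule names and application labels are constructed placeholders.

```python
# Added illustration: a simplified first-match rule model, NOT Firepower's engine.
# Assumptions: rules are checked top to bottom, all conditions inside one rule
# must match (AND), values inside one condition are alternatives (OR), and
# traffic that matches no rule gets the default action.
from typing import FrozenSet, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    name: str
    action: str                               # "allow" or "block"
    ports: Optional[FrozenSet[int]] = None    # None means any port
    apps: Optional[FrozenSet[str]] = None     # None means any application

    def matches(self, port: int, app: str) -> bool:
        port_ok = self.ports is None or port in self.ports
        app_ok = self.apps is None or app in self.apps
        return port_ok and app_ok


def evaluate(rules, port: int, app: str, default: str = "block") -> Tuple[str, str]:
    """Return (action, deciding rule) for one connection."""
    for rule in rules:
        if rule.matches(port, app):
            return rule.action, rule.name
    return default, "default action"


DNS = Rule("allow-dns", "allow", ports=frozenset({53}))
# 12-27-2018 policy: web ports limited to two applications, the rest blocked.
WITH_APPS = [DNS, Rule("allow-web", "allow", ports=frozenset({80, 443}),
                       apps=frozenset({"amazon", "google"}))]
# 01-04-2019 policy: application condition removed from the web rule.
PORTS_ONLY = [DNS, Rule("allow-web", "allow", ports=frozenset({80, 443}))]

# Constructed connections (port, application label). The labels are
# placeholders, not real Firepower application detector names.
SAMPLES = [(53, "dns"), (443, "amazon"), (443, "cdn-hosted-asset")]


def report(rules):
    """Map each sample connection to the action the policy gives it."""
    return {sample: evaluate(rules, *sample)[0] for sample in SAMPLES}


if __name__ == "__main__":
    for label, rules in (("port + application", WITH_APPS), ("ports only", PORTS_ONLY)):
        print(label)
        for (port, app), action in report(rules).items():
            print(f"  port {port:<4} app {app:<17} -> {action}")
```
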