Cisco 2921 Intrusion Prevention

Dimitris Mingos
Level 1

Hello,

I have a Cisco 2921 router with an intrusion prevention license installed. I want to ask if there is a way in the signatures database to block users from accessing specific websites like Facebook, Yahoo, etc., or is the only way this can happen by using access lists?

Thank you.

3 Replies

lcambron
Level 3

Hello,

Neither the IPS nor the ACLs are meant to block Websites.

Web pages like Facebook and Yahoo use HTTPS, which is encrypted and can't be inspected by these features.

You can block by IP address, but this is not a robust solution and can take a long time and a lot of configuration, since a single site can have many IP addresses.

You can also use regex on the router, but you will have the same issue with HTTPS; only HTTP can be blocked.

A better solution will be Websense.

Regards,

Felipe.

Felipe's reply is correct.  However, if you do want to write an IPS signature to block a website you can use the following guide to do so:

Cisco Intrusion Prevention System Engine Quick Reference

-Blocking HTTP Websites

http://www.cisco.com/web/about/security/intelligence/ips_sig_quick_ref.html#4

Tagir Temirgaliyev
Spotlight

Palo Alto can decrypt and inspect HTTPS.
