Cisco ASA 5505 URL Filtering/Blocking
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2012 01:56 PM - edited 03-11-2019 04:27 PM
Hi,
I have ASA 5505 running 7.2.4, I want to prevent users accessing some web sites such as facebook , youtube and hotmail etc.
Can you please advise if that is possible with ASA 5505?
Which ASA 5505 IOS version should I use to block web access?
I don't want to isntall a dedicated filtering server ( websense etc) , I just want to block web sites statically on ASA 5505 via ASDM as I only have few sites to block.
Can you please let me know if ASA 5505 can do URL filtering, and what IOS is required ?
Many thanks
Salman.
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2012 03:43 PM
Which ASA 5505 IOS version should I use to block web access?
not only for blocking but in general I would go for the newest 8.2 release. For everything newer you propably need a memory-upgrade.
How to block websites:
1) For HTTP you can write a L7-policy (HTTP-inspect-map) where you deny the domains or FQDNs you don't want.
2) For HTTPS it's not that easy as the ASA can't inspect that traffic. For that you could write a DNS-inspection and drop all queries for facebook etc. Of course that will not stop your users if they are smart enough ...
I would go the following way:
3) don't allow TCP/80 and TCP/443 through the ASA and send that traffic through a proxy. Then do the filtering there.
