cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
0
Helpful
3
Replies

Cisco ASA + AIP SSM url https filtering

superlubis
Level 1
Level 1

Can cisco block/filter https url such a https://www.cisco.com with inspect map or AP-SSM?

From Whaat i know is asa need third party like websense, to block. https url.

Thx

3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

It can be done locally using the MPF ( with the use of regex and a layer 7 http inspection policy)

The AIP-SSM provides security to your network by using different mechanism like signature checks, global correlation,  anomaly detection,etc.

Now what you might want to use is the CSC-SSM module that provides you web filtering ( trend-micro)

Finally an external websense or any other kind of http url filtering device will do it.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

if user browse https sites thats mean he/she use port https right, i dont see https inspection in cisco asa. I only see http, ftp, dns, etc. so we cant use MPF because its only support http. correct me if im wrong

Hello Ibrahim, You will need to use the CSC-SSM module on the ASA or an external server for filter HTTPS..

Exactly

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card