Is it possible to configure a conditional policy on ASA, for example - I have 3 interfaces Inside, Proxy and Outside. All http/https traffic from the inside users is going to Proxy (and passed to Outside thereafter). The rule explicitly blocks direct http/https traffic from Inside to Outside. Can I create a rule that enables (or disables the deny statement) for http/https traffic in case a Proxy device is not available (let's say IP SLA probe detects it is down)?
The clients are configured with 'auto detect proxy settings', i.e. Internet Explorer users. The users cannot go directly because of ACL. I want this ACL disabled once proxy is not reachable.
I don't believe you can directly modify an access-list in response to an ip sla operation. You may be able to use Embedded Event Manager (EEM) to accomplish this, however.
Here's a link to the EEM section of the ASA configuration guide (requires ASA 9.2(1) or later).