CX Configuration - Block https and configure multiple domain in URL objects

limlayhin · ‎03-24-2014

Hi,

I am using PRSM to configure CX. I tried to block Facebook web site but always fail. I noticed that it is HTTPS instead of HTTP.

Can CX blocked HTTPS website?

I have another problem. I created URL object. If the URL object has only one domain, eg youtube.com, I can block access to the site.

In policy, I select my URL object and set action to deny.

However, If I tried to put 2 domains in the URL object, eg youtube.com, vimeo.com, both web sites won't be blocked.

Anybody has similar experiences? I don't believe we can't put multiple domain in one single URL object.

Otherwise, I have to create hundreds of URL objects.

dan.letkeman · ‎04-05-2014

I would think you would have to enable decryption policies and setup your certificate so that the man in the middle process will work without user intervention.

Dan.

limlayhin · ‎04-07-2014

Thanks Dan.

I have yet to test this. Let me explore how to do it.

CSSW Computers · ‎06-26-2014

I had this same exact issue. The CX had an issue identifying and then filtering https traffic in earlier software versions. If you look at the release notes on software version 9.1.2-42 it shows that https traffic fails going through the CX and that it was fixed in that release. I would recommend getting to software release 9.2.1-2. I believe that is recommended and it fixes a lot of things. If you're already on a 9.2 version then disregard this post.

Release notes on 9.1.2-42

http://www.cisco.com/c/en/us/td/docs/security/asacx/9-1/release/notes/asacx_prsm_rn_91.html