Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1955
Views
0
Helpful
6
Replies

FirePower allow visit to specific websites

Go to solution
Roy Lee
Level 1
Level 1

‎05-03-2021 12:39 AM

Hi All,

We setup FirePower with NAT(PAT I think) for a group of computer so that they can access internet.

However, we want to allow all computers able to visit a list of websites.

Is it possible and how?

Thanks,

Roy

0 Helpful
1 Accepted Solution

Accepted Solutions
6 Replies 6

Go to solution
Rob Ingram
VIP
VIP

‎05-03-2021 12:43 AM

@Roy Lee 

Are you running FTD and how are you managing it, FMC or FDM?

Or are you running ASA with Firepower services?

What licensing do you have?

 

You could use URL filtering if you are licensed or FQDN objects, example here.

0 Helpful

Go to solution
Roy Lee
Level 1
Level 1
In response to Rob Ingram

‎05-03-2021 01:38 AM

@Rob Ingram 

We are running FTD and managing it by FMC.

Not all our internal computers are NATed. How can they access?

Thanks,

Roy

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Roy Lee

‎05-03-2021 01:44 AM

@Roy Lee 

You'll at least need to PAT traffic from the internal lan, hiding traffic behind the outside interface. You don't need a static NAT per host if that is what you were implying. Restrict the outbound traffic using the options I previously metioned.

 

The other alternative is to use a proxy server, only this server would then need a NAT and outbound firewall rules. You can restrict outbound traffic on the proxy from the internal hosts ip address/username etc.

 

 

 

0 Helpful

Go to solution
Roy Lee
Level 1
Level 1
In response to Rob Ingram

‎05-03-2021 02:09 AM

@Rob Ingram 

Yup, PAT with your suggestion will work. I have to modify the existing lazy Access Policy inside any > outside any.

May I have some example for FMC for URL filtering or FQDN object?

Thanks,

Roy Lee

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Roy Lee

‎05-03-2021 02:22 AM

FQDN DNS filtering

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214698-understand-fqdn-feature-on-firepower-thr.html

 

URL Filtering

https://www.youtube.com/watch?v=nXIBDQqekPY

https://wannabecybersecurity.blogspot.com/2019/07/configuring-cisco-fmc-url-filtering.html

 

How to configure URL Filtering on FirePower devices
How to configure URL Filtering on FirePower devices
youtube.com/watch?v=nXIBDQqekPY
Ankita Ojha is a part of Cisco Firepower TAC team and is actively assisting Customers in EMEA theatre. She has experience in multiple firewall technologies. Also, she holds a bachelor's degree in Computer Science and Engineering.
0 Helpful

Go to solution
euwjrtei
Level 1
Level 1

‎03-16-2022 11:48 AM - edited ‎03-18-2022 02:13 AM

In some DHCP swimming pools, you have designated a DNS server other than eight.Eight.8.Eight to get the web agency service., is that on cause ? Are these 'problem' web sites not handy from unique Vlans, or from everywhere ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card