FirePower allow visit to specific websites

Roy Lee
Beginner

Hi All,

We set up FirePower with NAT (PAT, I think) for a group of computers so that they can access the internet.

However, we want to allow all computers to visit a list of websites.

Is it possible and how?

Thanks,

Roy


Rob Ingram
VIP Expert

@Roy Lee 

Are you running FTD and how are you managing it, FMC or FDM?

Or are you running ASA with Firepower services?

What licensing do you have?

You could use URL filtering if you are licensed or FQDN objects, example here.

@Rob Ingram 

We are running FTD and managing it by FMC.

Not all our internal computers are NATed. How can they access?

Thanks,

Roy

@Roy Lee 

You'll at least need to PAT traffic from the internal LAN, hiding traffic behind the outside interface. You don't need a static NAT per host if that is what you were implying. Restrict the outbound traffic using the options I previously mentioned.

The other alternative is to use a proxy server; only this server would then need a NAT and outbound firewall rules. You can restrict outbound traffic on the proxy from the internal hosts' IP address/username etc.

@Rob Ingram 

Yup, PAT with your suggestion will work. I have to modify the existing lazy Access Policy inside any > outside any.

May I have some examples for FMC for URL filtering or FQDN objects?

Thanks,

Roy Lee

euwjrtei
Beginner
Beginner

In some DHCP swimming pools, you have designated a DNS server other than eight.Eight.8.Eight to get the web agency service., is that on cause ? Are these 'problem' web sites not handy from unique Vlans, or from everywhere ?
