05-03-2021 12:39 AM
Hi All,
We set up FirePower with NAT (PAT, I think) for a group of computers so that they can access the internet.
However, we want to allow all computers to be able to visit a list of websites.
Is it possible and how?
Thanks,
Roy
05-03-2021 02:22 AM
FQDN DNS filtering
URL Filtering
https://www.youtube.com/watch?v=nXIBDQqekPY
https://wannabecybersecurity.blogspot.com/2019/07/configuring-cisco-fmc-url-filtering.html
05-03-2021 12:43 AM
05-03-2021 01:38 AM
We are running FTD and managing it by FMC.
Not all our internal computers are NATed. How can they access?
Thanks,
Roy
05-03-2021 01:44 AM
You'll at least need to PAT traffic from the internal LAN, hiding traffic behind the outside interface. You don't need a static NAT per host if that is what you were implying. Restrict the outbound traffic using the options I previously mentioned.
The other alternative is to use a proxy server; only this server would then need a NAT and outbound firewall rules. You can restrict outbound traffic on the proxy from the internal hosts' IP address/username etc.
05-03-2021 02:09 AM
Yup, PAT with your suggestion will work. I have to modify the existing lazy Access Policy inside any > outside any.
May I have some examples for FMC for URL filtering or FQDN objects?
Thanks,
Roy Lee
03-16-2022 11:48 AM - edited 03-18-2022 02:13 AM
In some DHCP pools, you have designated a DNS server other than 8.8.8.8 to get the web agency service, is that on cause? Are these 'problem' web sites not handy from unique VLANs, or from everywhere?