cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2147
Views
5
Helpful
3
Replies

Firepower Thread Defense (via FMC) use external block page

mario.jost
Level 3
Level 3

We want to implement a Cisco Firepower Thread Defense 1150 HA pair and are looking at the opions of adjusting the block page. The documenation is very thin about this topic. We now use a proxy server, that has limited adjustabilities of block pages as well. So we use an external block page instead, where we let the users open tickets directly via the block page itself. For this, we need some information like:

 

  • Webiste visited
  • Blocking reason
  • Username
  • Time & Date of the access

So in our block page for our barracuda web filter proxy, we just forward to the external page, giving all the important information in the URL. it looks like this:

<script type="text/javascript" language="javascript">
      window.location.href = "http://proxyblock/?d=%d&l=%l&r=%r&t=%t&z=%z";
</script>
Forwarding to proxy block page...

We are essentially looking for the same on the FTD. But there is no documentation on what variables are available that we can use... How have other companies solved this?

 

Thanks for any advice. Link to the documentation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/http_response_pages_and_interactive_blocking.html

 

 

3 Replies 3

Hi,

We forward to the same webpage as our proxy. We don't pass parameters to
the web server. On the ACP, HTTP Response you can point to the web server
hosting the page. The clients should be able to reach the page as it will
be direct communication between the client and the page.

**** please remember to rate useful posts

mario.jost
Level 3
Level 3

We didnt ask for how to forward. We already forward to our internal webserver where the blockpage ist hosted. We are looking for available VARIABLES from the firewall that gives us the reason the access has been blocked. 

mario.jost
Level 3
Level 3

Just found a topic that has the same question 5 years ago as i have today:

https://community.cisco.com/t5/network-security/access-control-policy-block-response-page/td-p/2570606

 

Sad, that Cisco was not able to implement this feature in the last 5 years. Hopefully this will come within the next 5 years...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: