Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2765
Views
5
Helpful
4
Replies

Firepower Thread Defense (via FMC) use external block page

mario.jost
Level 3
Level 3

‎12-10-2020 01:19 AM - edited ‎12-13-2020 10:23 PM

We want to implement a Cisco Firepower Thread Defense 1150 HA pair and are looking at the opions of adjusting the block page. The documenation is very thin about this topic. We now use a proxy server, that has limited adjustabilities of block pages as well. So we use an external block page instead, where we let the users open tickets directly via the block page itself. For this, we need some information like:

 

  • Webiste visited
  • Blocking reason
  • Username
  • Time & Date of the access

So in our block page for our barracuda web filter proxy, we just forward to the external page, giving all the important information in the URL. it looks like this:

<script type="text/javascript" language="javascript">
      window.location.href = "http://proxyblock/?d=%d&l=%l&r=%r&t=%t&z=%z";
</script>
Forwarding to proxy block page...

We are essentially looking for the same on the FTD. But there is no documentation on what variables are available that we can use... How have other companies solved this?

 

Thanks for any advice. Link to the documentation: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/http_response_pages_and_interactive_blocking.html

 

 

0 Helpful
4 Replies 4

Mohammed al Baqari
Level 11
Level 11

‎12-14-2020 08:21 AM

Hi,

We forward to the same webpage as our proxy. We don't pass parameters to
the web server. On the ACP, HTTP Response you can point to the web server
hosting the page. The clients should be able to reach the page as it will
be direct communication between the client and the page.

**** please remember to rate useful posts
0 Helpful

mario.jost
Level 3
Level 3

‎12-15-2020 01:35 AM

We didnt ask for how to forward. We already forward to our internal webserver where the blockpage ist hosted. We are looking for available VARIABLES from the firewall that gives us the reason the access has been blocked. 

0 Helpful

mario.jost
Level 3
Level 3

‎12-15-2020 02:57 AM

Just found a topic that has the same question 5 years ago as i have today:

https://community.cisco.com/t5/network-security/access-control-policy-block-response-page/td-p/2570606

 

Sad, that Cisco was not able to implement this feature in the last 5 years. Hopefully this will come within the next 5 years...

LuigiDiFronzo9542
Level 1
Level 1
In response to mario.jost

‎11-19-2024 11:02 AM

Hi everyone,

Does anyone know if Cisco managed to implement this functionality?

I'm configuring an FMC ver 7.2.5 and there is no indication of having the ability to add some informational parameters like the reason for the denial for example.

Regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card