
Without URL Filtering wildcard support - any suggestions on how to do this?

t-crisall
Level 1

I have found evidence of Web Proxy Auto-Discovery (WPAD) requests leaving my organization. These come from BYOD machines brought onto my network which are outside of my control. I am interested in blocking 'http://*/wpad.dat' and from my reading this appears impossible to achieve using URL filtering in a Firepower Access Control Policy.

Any thoughts or solutions?

Thanks!

1 Reply

Marvin Rhoads
Hall of Fame

You might possibly be able to block it via the sensitive data detection feature:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/sensitive_data_detection.html#ID-2236-00000496

However that may cause performance issues with your firewall.

One alternative would be to specify a "dummy" wpad.dat in your DHCP server options. The clients should detect that and thus not try to use the DNS lookup.

https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol#Notes
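
Whichever control is used, the `http://*/wpad.dat` match from the question can be applied to web or proxy logs to see which clients still send WPAD fetches outside the network. This is an added example, not part of the original thread; the log line format, the sample lines and the internal address ranges are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the organization's internal address space (RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines; assumed format: "<client_ip> <dest_ip> <method> <url>"
SAMPLE_LOG = """\
10.1.20.15 203.0.113.7 GET http://wpad.example.com/wpad.dat
10.1.20.15 10.1.1.5 GET http://wpad.corp.example/wpad.dat
10.1.30.8 198.51.100.9 GET http://www.example.org/WPAD.DAT?x=1
10.1.30.8 198.51.100.9 GET http://www.example.org/files/wpad.dat.txt
10.1.40.2 203.0.113.7 GET https://wpad.example.com/wpad.dat
malformed line
"""

def is_wpad_url(url):
    """True for http://<any host>/wpad.dat; the path is compared
    case-insensitively and any query string is ignored."""
    parts = urlsplit(url)
    return (parts.scheme.lower() == "http" and bool(parts.hostname)
            and parts.path.lower() == "/wpad.dat")

def is_internal(ip):
    """True if ip falls inside one of INTERNAL_NETS (raises ValueError if not an IP)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_external_wpad(log_text):
    """Return (client_ip, dest_ip, url) for WPAD fetches sent to non-internal hosts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        client, dest, method, url = fields
        try:
            hit = (method.upper() == "GET" and not is_internal(dest)
                   and is_wpad_url(url))
        except ValueError:
            continue  # unparsable destination address or URL
        if hit:
            hits.append((client, dest, url))
    return hits

if __name__ == "__main__":
    for client, dest, url in find_external_wpad(SAMPLE_LOG):
        print(f"{client} -> {dest} {url}")
```

The client addresses in the output identify the BYOD machines to follow up on, and the same run repeated after a DHCP or firewall change shows whether the requests have stopped.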
