ASA Firepower block browsers

Florin Barhala
Level 6

Hi guys,

 

Does anyone know if it's possible to block using Firepower all browsers but one (let's say Chrome)?

So in terms of old firewall rules way:

 Rule no1 - allow browser Chrome

 Rule no2 - deny any other browser

 

I found a hint (tracking User-Agent String) on this document using Cloud Security service, but I don't have this service/appliance.

 

Thanks,

Florin.

 

4 Replies

Hi,
Using FTD and FMC 6.2.3 I've permitted internet access only using a specific browser. In the ACP rule you'd select the application (Chrome, Firefox, etc.) and then permit/deny as required. You obviously need the correct licensing.

HTH

Hello RJI,

 

Thanks for the input! Indeed I could find Chrome on the listed apps.

 

I have two questions:

1. Where should I add this: Mandatory or Default Rules?

2. After I add it, is there such a thing as Implicit Deny? Currently I have no other rule, so I don't want to risk adding one rule then dropping everything else.

 

Thanks,

Florin.

Hi,
I'd place it in mandatory; these are applied first, before default rules.
You have a Default Action at the bottom of the ACP; from there you can select the default action of Block/Trust/Network Discovery etc.
HTH

Nice, we are getting there!
Now let's dig into the next step:
1. As default action at the bottom I have a profile named IPS profile. This means adding just ONE rule in the Mandatory field plays safe in regard to the overall traffic flow?
2. I looked over the web browser category; there are 49 listed today, but there's no trace of the one I need to block, let's call it no 50. Do you think if I just add a 2nd rule of block any other web browser, would it work for me? If not, could a TAC case with Cisco give me the signature to block "no 50"?

Thanks,
Florin.