This document describes the way of denying media download with help of ASA-CX (Context Aware) and issue faced by various users.
User is trying to deny mp3, avi, mp4 or mov file downloads from the prime security module on the ASA-5512CX.
The only options he have by default on this object are:
User doesn't know how to apply them for blocking the download operation or create a new category (like Video extensions).
User watched the real time event viewer to see how CX was interpreting the test mp3 download. He found he was seeing an http transaction with mime type audio/mpeg. User was then able to get a test policy to work by creating a new file filtering profile specifying Audio/mpeg in the file filter profile.
Below are screenshots showing test object and the results of a deny (click to enlarge):
Another user manage to block the mp3 file downloads, but he was having problems with the mp4 and avi policies. As as suggested, he captured the packet via time viewer. according to the package it has a content type of "video/mp4".
but when user add the video/mp4 string to the File Filetr it gives this error
"strings indices must be integers"
instead of "video/mp4" use "*/mp4", the application let the user to introduce that string.
But when user tests the policy by downloading something on mp4 format it let the user do it.It looks like a bug so need to wait for patch or fix.
Please tell me can anyone see what we are watching or doing or access on our device(Computer, Mobile and laptop etc) using the MAC ID of our devices(Computer, Mobile and laptop etc)? Inshort is the MAC ID sensitive thing if any stranger get this MAC ...
Hi all, Configure site to site between cisco asa and azure using route based vpn but now customer wants to source nat the subnet lie behind asa going for Azure end. I have checked but didnt found any document where i can source nat my traffic. ...
I believe that the statistics on the Cisco ASA are reset after a reload takes place but I was not able to find Cisco documentation to confirm this. Specifically looking at the "show vpn-sessiondb summary" statistics. Would anyone be able to confirm my tho...
I have a standalone NGFW 2110 with AnyConnect configured with there are several issues going on, and not sure if one is impacting the other. 1) Can't ping e1.7subif or e1/8 subif from the fw. However, e1/3 subif ping just fine. 2) When cli...