
ASA Firepower block browsers

Florin Barhala
Level 6

Hi guys,

 

Does anyone know if it's possible to block using Firepower all browsers but one (let's say Chrome)?

So in terms of old firewall rules way:

 Rule no1 - allow browser Chrome

 Rule no2 - deny any other browser

 

I found a hint (tracking User-Agent String) on this document using Cloud Security service, but I don't have this service/appliance.

 

Thanks,

Florin.

 

4 Replies

Hi,
Using FTD and FMC 6.2.3 I've permitted internet access only using a specific browser. In the ACP rule you'd select the application (Chrome, Firefox etc.) and then permit/deny as required. You obviously need the correct licensing.

HTH

Hello RJI,

 

Thanks for the input! Indeed I could find Chrome on the listed apps.


 

I have two questions:

1. Where should I add this: Mandatory or Default Rules?

2. After I add it, is there such a thing as Implicit Deny? Currently I have no other rule so I don't want to risk adding one rule then dropping everything else.

 

Thanks,

Florin.

Hi,
I'd place it in mandatory; these are applied first, before default rules.
You have a Default Action at the bottom of the ACP; from there you can select the default action of Block/Trust/Network Discovery etc.
HTH

Nice, we are getting there!
Now let's dig into the next step:
1. As default action at the bottom I have a profile named IPS profile. This means adding just ONE rule in the Mandatory field plays safe in regard to the overall traffic flow?
2. I looked over the web browser category; there are 49 listed today but there's no trace of the one I need to block, let's call it no 50. Do you think if I just add a 2nd rule of block any other web browser it would work for me? If not, could a TAC case with Cisco give me the signature to block "no 50"?

Thanks,
Florin.