11-28-2018 08:23 PM - edited 03-08-2019 04:42 PM
I have a problem that I am a network layer to the internet, but in the network layer there are computers that are banned from the internet completely. I have created NAT so that the whole network can go out to the internet. I specify a network for the banned machines, I create a rule that specifies that the machine only goes to a web address of my company, and I create a rule below to block all paths other than visiting the site. It runs, but there are some holes: an application like Viber can still use umbrellas, though I create an additional rule insertion block in the middle.
11-28-2018 09:13 PM
More info please. In your screenshots, exactly what needs to be blocked from going to the internet (that vlan90?)? If so, just don't source NAT (keep original) and destination NAT all destinations to the one website.
11-29-2018 12:55 AM - edited 11-29-2018 01:21 AM
This is my policy table
My model is: I configured on the FMC ASA (VMware) the routing table network layer as pictured with the Peplink device, and at the same time configured NAT (I tried removing NAT), but apparently applications like Viber and Outlook still work even though there are internet policy rules.
It seems that the deny policy of the ASA firewall still has holes in the application department. I have tried quite a few ways, but the application can still go out to the internet, while the website was blocked.