Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2600
Views
0
Helpful
4
Replies

Block HTTPS on ASA (Standard ASA no other features)

Go to solution
#TCN
Level 1
Level 1

‎11-12-2015 03:04 AM

is it possible to block specific https URL's on a standard ASA using the "regex" (regular expression) - I believe the customers ASA is running version 9.x

I had a look around the regex and looks like you can only block http and not https

 

Thanks

James

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-12-2015 04:00 AM

Hi James,

HTTPS filtering is not supported on ASA. ASA cannot do deep packet inspection or inspection based on regular expression for HTTPS traffic, because in HTTPS, content of packet is encrypted (SSL).

Reference:-
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100535-asa-8x-regex-config.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

0 Helpful

Go to solution
Jernej Vodopivec
Level 4
Level 4
In response to #TCN

‎11-12-2015 04:09 AM

ASA (with Sourcefire) will be able to analyze HTTPS traffic and block/allow it based on policy you configure - HTTPS decryption is coming with next major version.

You can use Cisco Web Security appliance along with Cisco ASA today to filter HTTP and HTTPS traffic.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-12-2015 04:00 AM

Hi James,

HTTPS filtering is not supported on ASA. ASA cannot do deep packet inspection or inspection based on regular expression for HTTPS traffic, because in HTTPS, content of packet is encrypted (SSL).

Reference:-
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100535-asa-8x-regex-config.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

Go to solution
#TCN
Level 1
Level 1
In response to Dinesh Moudgil

‎11-12-2015 04:03 AM

Thanks Dinesh - much appriciated.

Regards,

James

0 Helpful

Go to solution
Jernej Vodopivec
Level 4
Level 4
In response to #TCN

‎11-12-2015 04:09 AM

ASA (with Sourcefire) will be able to analyze HTTPS traffic and block/allow it based on policy you configure - HTTPS decryption is coming with next major version.

You can use Cisco Web Security appliance along with Cisco ASA today to filter HTTP and HTTPS traffic.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Jernej Vodopivec

‎11-13-2015 12:01 AM

The FirePOWER release 6.0.0 which includes SSL-Inspection on the local box was released two days ago. But as with any X.0.0 version, I first would use it in a test-system.

0 Helpful
Customers Also Viewed These Support Documents