Cisco ASA URL Filtering/Blacklisting using Botnet Traffic Filter

Perform Web URL Filtering or Blacklisting without additional hardware

There’s a simple and free method of performing dynamic web URL filtering or blacklisting on the Cisco ASA without implementing a Websense or N2H2/SmartFilter server. This can be done via the Cisco ASA Botnet Traffic Filter!

Botnet Traffic Filter license not required!

Normally you require a license to activate the Botnet Traffic Filter, which gives you access to the botnet database updates. However, few people are aware that you can do static blacklisting and whitelisting using the Botnet Traffic Filter component without activating the dynamic database or obtaining a license. The ASA’s botnet filter performs DNS lookups of the domain in the URL it is given and updates its filter based on the domain-to-IP mapping, which is much more powerful than a static IP-based access list.

Here’s how on ASDM

Prerequisite – The ASA must be running a minimum of 8.2 code to be able to configure the botnet feature.

  1. Enable DNS lookup on your outside interface – Configuration > DNS > DNS Client.
  2. Classify the traffic that will be exempted and subjected by creating an access-list. The deny statement is for exempted traffic and the permit statement is for the subjected traffic.
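The ASDM steps above correspond to the following CLI configuration. This is an added example, not configuration from the original post; the interface name `outside`, the DNS server address, the exempt host `10.1.1.50` and the domain names are placeholders to replace with your own values, and `botnet-acl` is used as the classification access-list name.

```cisco
! Step 1: allow the ASA itself to resolve names via the outside interface.
! The static blacklist entries below are domain names, so without this the
! ASA cannot build the domain-to-IP mapping the filter relies on.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53
!
! Step 2: classify traffic. deny = exempt from the filter, permit = subjected to it.
! Here a single management host is exempted and everything else is filtered.
access-list botnet-acl extended deny ip host 10.1.1.50 any
access-list botnet-acl extended permit ip any any
!
! Static blacklist and whitelist: no license and no dynamic database required.
dynamic-filter blacklist
 name blocked.example.com
 name ads.example.net
dynamic-filter whitelist
 name allowed.example.com
!
! DNS snooping records the answers inside hosts receive, so the filter also
! knows which IPs a blacklisted domain currently resolves to for those hosts.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map dynamic-filter-snoop
!
! Enable the filter for the classified traffic and drop blacklisted flows.
! Static blacklist entries carry the very-high threat level, so this rule
! drops them without needing an explicit threat-level setting.
dynamic-filter enable interface outside classify-list botnet-acl
dynamic-filter drop blacklist interface outside
!
! Verification
show dynamic-filter statistics
show dynamic-filter dns-snoop
```

Because the blacklist ultimately matches on the IP addresses a name resolves to, check `show dynamic-filter dns-snoop` after enabling it: a blacklisted domain hosted on a shared IP will block every other site on that address as well, and the whitelist is the place to carve out exceptions.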

About the Author

Alfred Tong
Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT. Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV