Cisco ASA URL Filtering/Blacklisting using Botnet Traffic Filter


  • Under Configuration > Botnet Traffic Filter > DNS Snooping, enable DNS Snooping on the outside interface.
  • Under Configuration > Botnet Traffic Filter > Traffic Settings, enable traffic classification on the outside interface.
  • On the same page, set the action for blacklisted traffic to DROP (the default is to log only).
  • Finally, add the domain names you wish to blacklist or whitelist in the Black List and White List sections.
  • Once the configuration is applied, verify that lookups for blacklisted names are being matched and dropped in the ASDM log. Note that the filter works on the IP addresses learned from DNS replies that pass through the outside interface, so a client whose name resolution does not cross the ASA (for example an internal resolver that reaches the Internet by another path) will not be caught by a domain-name entry.

    How to do it on the CLI

    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 8.8.8.8
    !
    dynamic-filter updater-client enable
    dynamic-filter use-database
    !
    access-list botnet-exclude extended deny ip any 10.100.0.0 255.255.0.0
    access-list botnet-exclude extended permit ip any any
    !
    dynamic-filter enable interface outside classify-list botnet-exclude
    dynamic-filter drop blacklist interface outside
    !
    class-map botnet-DNS
     match port udp eq domain
    !
    policy-map botnet-policy
     class botnet-DNS
      inspect dns dynamic-filter-snoop
    !
    service-policy botnet-policy interface outside
    !
    dynamic-filter blacklist
     name www.cisco.com

    Two things to check in that block. In a classify-list the "deny" entries are the traffic that is excluded from classification, so the ACL above keeps 10.100.0.0/16 out of the filter and sends everything else to it. And "dynamic-filter drop blacklist interface outside" is what turns the DROP action on; without it the filter only logs blacklisted flows, which is the CLI equivalent of the ASDM action setting above.
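The lists and the exclusion ACL are the parts of this configuration that change most often, and the deny/permit inversion in the classify-list is easy to get backwards. The following is an added example, not code from the original post or from Cisco: it renders the static blacklist/whitelist stanzas and the classify-list ACL from Python data, validates the host names and networks, refuses entries that appear on both lists, and evaluates the ACL with first-match semantics so you can see which destinations will actually be classified before pasting anything into the ASA. All names, networks and the `botnet-exclude` ACL name are made-up assumptions.

```python
"""Build the ASA Botnet Traffic Filter static lists and classify-list ACL.

Added example (not from the original post or from Cisco). It renders the
`dynamic-filter blacklist` / `whitelist` stanzas and the classify-list ACL
from Python data, validates every entry, and evaluates the ACL the way the
ASA does (first match wins; a matching deny means "not classified") so the
exclusions can be checked before the config is applied. Sample data is
constructed for the example.
"""
import ipaddress
import re

# RFC 1123 host label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """Reject anything the ASA 'name' keyword would not accept cleanly."""
    if not name or len(name) > 253 or name.endswith("."):
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def render_static_list(kind: str, names, networks) -> list[str]:
    """kind is 'blacklist' or 'whitelist'; names are host names, networks are
    CIDR strings rendered as 'address ip mask' entries."""
    if kind not in ("blacklist", "whitelist"):
        raise ValueError(kind)
    lines = [f"dynamic-filter {kind}"]
    for n in sorted(set(names)):
        if not valid_hostname(n):
            raise ValueError(f"bad hostname for {kind}: {n!r}")
        lines.append(f" name {n}")
    for cidr in sorted(set(networks), key=lambda c: ipaddress.ip_network(c)):
        net = ipaddress.ip_network(cidr, strict=True)
        lines.append(f" address {net.network_address} {net.netmask}")
    return lines


def conflicts(blacklist_names, whitelist_names) -> set[str]:
    """Hosts listed on both static lists; flag them for review instead of
    relying on the ASA's precedence between the two lists."""
    return set(blacklist_names) & set(whitelist_names)


def render_classify_acl(acl_name: str, excluded_networks) -> list[str]:
    """Classify-list semantics: 'deny' entries are NOT sent to the Botnet
    Traffic Filter; the final 'permit ip any any' sends everything else."""
    lines = []
    for cidr in excluded_networks:
        net = ipaddress.ip_network(cidr, strict=True)
        lines.append(f"access-list {acl_name} extended deny ip any "
                     f"{net.network_address} {net.netmask}")
    lines.append(f"access-list {acl_name} extended permit ip any any")
    return lines


def is_classified(dst_ip: str, excluded_networks) -> bool:
    """Evaluate the rendered ACL for one destination: first match wins, and
    a matching 'deny' line means the flow bypasses classification."""
    ip = ipaddress.ip_address(dst_ip)
    for cidr in excluded_networks:
        if ip in ipaddress.ip_network(cidr, strict=True):
            return False
    return True  # falls through to 'permit ip any any'


def build_config(blacklist_names, whitelist_names, excluded_networks,
                 blacklist_networks=(), whitelist_networks=()):
    """Full text block in the same shape as the CLI walkthrough above."""
    bad = conflicts(blacklist_names, whitelist_names)
    if bad:
        raise ValueError(f"on both lists: {sorted(bad)}")
    out = render_classify_acl("botnet-exclude", excluded_networks)
    out.append("dynamic-filter enable interface outside classify-list botnet-exclude")
    out.append("dynamic-filter drop blacklist interface outside")
    out += render_static_list("blacklist", blacklist_names, blacklist_networks)
    out += render_static_list("whitelist", whitelist_names, whitelist_networks)
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample input; the networks are documentation ranges.
    print(build_config(
        blacklist_names=["www.cisco.com", "bad.example.net"],
        whitelist_names=["updates.example.org"],
        excluded_networks=["10.100.0.0/16"],
        blacklist_networks=["198.51.100.0/24"],
    ))
```

Run it and paste the output into the configuration after the DNS inspection policy is in place; `is_classified` is the quick way to confirm that a destination you expect to be filtered is not accidentally covered by one of the deny lines.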
    

    About the Author

    Alfred Tong
    Author and owner of this blog. A networking enthusiast and full-time networking and systems engineer, generally curious about all things IT. Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA-FWV