Cisco ASA URL Filtering/Blacklisting using Botnet Traffic Filter

TOPICS:

Posted By: Alfred Tong August 23, 2016


  • Under Configuration > Botnet Traffic Filter > DNS Snooping > Enable DNS Snooping on the Outside interface
    dns-snooping
  • Under Configuration > Botnet Traffic Filter > Enable Traffic Classified on the outside interfacetraffic-classification
  • On the same page, Add Blacklisted traffic action to DROPblacklist-traffic
  • Finally, add the domain names you wish to blacklist or whitelist in the blacklist and white list sectionblacklist-cisco

    • Once you have applied the configuration you can verify access via the ASDM log.

    How to on CLI

    dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
!
dynamic-filter updater-client enable
dynamic-filter use-database
!
access-list botnet-exclude extended deny ip any 10.100.0.0 255.255.0.0
access-list botnet-exclude extended permit ip any any
!
dynamic-filter enable interface outside classify-list botnet-exclude
!
class-map botnet-DNS
match port udp eq domain
!
policy-map botnet-policy
class botnet-DNS
  inspect dns dynamic-filter-snoop
!
service-policy botnet-policy interface outside
!
dynamic-filter blacklist
 name www.cisco.com
    Related Posts with Thumbnails

    About the Author

    Alfred Tong
    Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT.Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV