Cisco ASA URL Filtering/Blacklisting using Botnet Traffic Filter

TOPICS:5500 5505 5510 5520 asa asdm blacklist Cisco dns domain Dynamic http Proxy Squid url filter Websense whitelist

Posted By: Alfred Tong August 23, 2016

Under Configuration > Botnet Traffic Filter > DNS Snooping > Enable DNS Snooping on the Outside interface

Under Configuration > Botnet Traffic Filter > Enable Traffic Classified on the outside interface

On the same page, Add Blacklisted traffic action to DROP

Finally, add the domain names you wish to blacklist or whitelist in the blacklist and white list section

Once you have applied the configuration you can verify access via the ASDM log.

How to on CLI

dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
!
dynamic-filter updater-client enable
dynamic-filter use-database
!
access-list botnet-exclude extended deny ip any 10.100.0.0 255.255.0.0
access-list botnet-exclude extended permit ip any any
!
dynamic-filter enable interface outside classify-list botnet-exclude
!
class-map botnet-DNS
match port udp eq domain
!
policy-map botnet-policy
class botnet-DNS
  inspect dns dynamic-filter-snoop
!
service-policy botnet-policy interface outside
!
dynamic-filter blacklist
 name www.cisco.com

1 2 3

Alfred Tong

Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT.Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV

How to on CLI

About the Author

Alfred Tong