Cisco ASA URL Filtering/Blacklisting using Botnet Traffic Filter

  • Under Configuration > Botnet Traffic Filter > DNS Snooping, enable DNS Snooping on the outside interface (the interface on which DNS replies from external resolvers arrive; snooping is what lets the filter tie a resolved IP address back to a listed domain name).
  • Under Configuration > Botnet Traffic Filter, enable traffic classification on the outside interface.
  • On the same page, set the action for blacklisted traffic to DROP. The default action only monitors and logs; without this step nothing is actually blocked.
  • Finally, add the domain names (or IP addresses) you wish to blacklist or whitelist in the Black List and White List sections. Note that the filter matches whole domain names and addresses, not URL paths, so a listed domain is blocked or allowed in its entirety.
  • Once you have applied the configuration you can verify blocked and monitored connections via the ASDM log; the Botnet Traffic Filter messages are in the 338xxx syslog range.

    How to on the CLI

    ! Let the ASA resolve names itself. The server-group below has no
    ! name-server entry on the original page; the updater client needs
    ! working DNS to reach the Cisco update server.
    dns domain-lookup outside
    dns server-group DefaultDNS
    ! Download and use the dynamic database (requires the Botnet Traffic Filter license).
    dynamic-filter updater-client enable
    dynamic-filter use-database
    ! Classify-list: traffic denied here is excluded from classification,
    ! traffic permitted is checked against the database. The deny line is
    ! incomplete on the original page (no destination given); it must name
    ! the host or subnet to exclude.
    access-list botnet-exclude extended deny ip any
    access-list botnet-exclude extended permit ip any any
    dynamic-filter enable interface outside classify-list botnet-exclude
    ! Snoop DNS replies on the outside interface so that resolved addresses
    ! can be matched against the domain names in the database.
    class-map botnet-DNS
     match port udp eq domain
    policy-map botnet-policy
     class botnet-DNS
      inspect dns dynamic-filter-snoop
    service-policy botnet-policy interface outside
    ! CLI equivalent of the ASDM "blacklisted traffic action: DROP" setting;
    ! without it the filter only logs.
    dynamic-filter drop blacklist interface outside
    ! Enter the static blacklist; "name <domain>" and "address <ip> <mask>" entries follow.
    dynamic-filter blacklist
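The following is an added example, not configuration from the original post: it shows what goes inside the static blacklist and whitelist sections, the optional greylist setting, and the show commands used to check that the filter is actually working. Interface names, the DNS server 203.0.113.53 and the domain names and subnet are assumed placeholders from the documentation ranges.

```cisco
! Added example, not from the original post. Assumed values: interface
! "outside", DNS server 203.0.113.53, the *.example domain names and the
! 198.51.100.0/24 subnet.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 203.0.113.53
!
dynamic-filter updater-client enable
dynamic-filter use-database
!
! Static blacklist. Domain entries are matched through the snooped DNS
! cache, so DNS snooping must be enabled on the interface carrying the
! replies; address entries match directly. Static entries take
! precedence over the dynamic database.
dynamic-filter blacklist
 name malicious.example
 name c2.tracker.example
 address 198.51.100.0 255.255.255.0
!
! Static whitelist: exempt a domain that is listed in the dynamic
! database but is known to be legitimate for this network.
dynamic-filter whitelist
 name partner.example
!
! Optional, stricter: treat greylisted (ambiguous) addresses, where a
! single IP is shared by listed and unlisted domains, as blacklisted.
dynamic-filter ambiguous-is-black
!
! Verification (privileged exec mode):
! show dynamic-filter updater-client            time and result of the last database download
! show dynamic-filter data                      version and entry counts of the downloaded database
! show dynamic-filter dns-snoop                 IP-to-domain mappings learned from snooped DNS replies
! show dynamic-filter statistics                per-interface blacklisted/greylisted/whitelisted counters
! show dynamic-filter reports top botnet-sites  most contacted listed sites and their hit counts
! show logging | include 338                    Botnet Traffic Filter syslogs (338xxx range)
```

When testing, remember that the snoop cache only contains names resolved after snooping was enabled, so a client that already has the address cached will not be matched by a domain entry until its resolver cache expires or is flushed; an `address` entry catches such traffic immediately.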

    About the Author

    Alfred Tong
    Author and owner of this blog. A networking enthusiast and full-time networking and systems engineer, generally curious about all things IT.
    Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA-FWV