
Cisco ASA:

Adaptive security appliance


( ) Cisco ASA. 5500 , 5500-X. 8.4(2) , , .

, - . Cisco, Cisco WSA Web Security Appliance, URL .

:

  • MPF (Modular Policy Framework);
  • (ACL);
  • FQDN (Fully Qualified Domain Name) (ACL);

HTTP , HTTPS . , IP , Facebook, VK, Twitter .. , .


8.4(2), ACL FQDN ( ). , IP . FQDN www.facebook.com ACL.

, . DNS FQDN . TTL DNS , DNS ( , ) IP .

, www.website.com, IP- 3.3.3.3. ASA DNS - ( DNS ) ACL .

        FQDN  ACL

( , ). , :

domain-name merionet.ru
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 1.2.3.0 255.255.255.0
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1
 
!    

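! Enable DNS lookups on the inside interface and set the DNS server the ASA uses to resolve names to IP addresses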
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.1.2
 domain-name mycompany.com
 
! Create FQDN network objects for the site, one with the www prefix and one without
object network obj-www.website.com
 fqdn www.website.com
object network obj-website.com
 fqdn website.com

! Reference the FQDN objects in the ACL: deny traffic to them, then permit everything else
access-list INSIDE-IN extended deny ip any object obj-www.website.com
access-list INSIDE-IN extended deny ip any object obj-website.com
access-list INSIDE-IN extended permit ip any any

! Apply the ACL inbound on the inside interface
access-group INSIDE-IN in interface inside
