Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Blocking a website on 7210

  • 1.  Blocking a website on 7210

    Posted Jul 17, 2014 12:08 PM

    I need to block a website on a 7210 controller.
    I already enabled the firewall with a license.

    Thanks


    #7210


  • 2.  RE: Blocking a website on 7210

    Posted Jul 17, 2014 02:59 PM
    Are you using 6.4?
    #7210


  • 3.  RE: Blocking a website on 7210

    Posted Jul 17, 2014 04:39 PM

    Yes


    #7210


  • 4.  RE: Blocking a website on 7210

    EMPLOYEE
    Posted Jul 17, 2014 08:42 PM
    Create a netdestination with the DNS name. Then create a firewall policy with source user and destination alias and then choose the drop action.

    Make sure your controller has a DNS server defined and that name lookups are enabled.

    #7210


  • 5.  RE: Blocking a website on 7210

    Posted Jul 18, 2014 04:47 AM

    Thanks,

    Would you please send the commands, or the steps if I can do it through the GUI?


    #7210


  • 6.  RE: Blocking a website on 7210

    EMPLOYEE
    Posted Jul 18, 2014 01:55 PM

    Some will require command line:

    COMMAND LINE:

    ip name-server <dns-server-ip-1>
    ip name-server <dns-server-ip-2>
    ip domain lookup

    (It will tell you that you need to reboot; however, it should work without rebooting the controller.)

    GUI example blocking all of facebook.com including subdomains.

    Create a netdestination under Configuration > Advanced Services > Stateful Firewall > Destination

        - Give it a name and add a new rule of type "Name".

        - Enter the domain name you are trying to block. Since we are blocking subdomains as well (www.facebook, login.facebook), we will put an asterisk in front (see screenshot)

    [Screenshot: facebook-netdest.PNG]

    Now you'll want to create a new session ACL to block the traffic.

       - Navigate to Configuration > Security > Policies

       - Click Add to create a new session policy. Give it a name.

       - Click the add button to add an ACL entry. The screenshot below will block all traffic to any facebook website that ends in facebook.com

       - Notice for destination, you will select "Alias" and then choose the netdestination that you created in the previous step.

     

    [Screenshot: facebook-deny-acl.PNG]

    The last step is to add that policy to a user-role. Make sure it is higher than an allowall or allow all http/https.

    If you'd like to see the current DNS cache on the controller, run:

     

    #show firewall dns-names

     


    #7210
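
An added example, not part of any post in the thread and not ArubaOS code: a small Python model of the last step in post 6, showing why the blocking policy has to sit above allowall in the user-role, plus a check that flags a deny rule that can never be reached. It assumes top-down, first-match evaluation with an implicit deny at the end; the role layouts, the `*facebook.com` pattern and all function names are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed model: a netdestination alias maps to a list of name patterns.
NETDEST = {"facebook": ["*facebook.com"]}


def dest_matches(dest, host):
    """'any' matches every host; otherwise dest is a netdestination alias."""
    return dest == "any" or any(fnmatch(host, p) for p in NETDEST[dest])


def evaluate(role, host):
    """Walk the role's policies top-down; the first matching rule decides."""
    for policy, rules in role:
        for dest, action in rules:
            if dest_matches(dest, host):
                return action, policy
    return "deny", "implicit"  # assumed implicit deny when nothing matches


def shadowed_denies(role):
    """Return policies whose deny rules sit below a permit to 'any'."""
    seen_permit_any = False
    shadowed = []
    for policy, rules in role:
        for dest, action in rules:
            if action == "permit" and dest == "any":
                seen_permit_any = True
            elif action == "deny" and seen_permit_any:
                shadowed.append(policy)
    return shadowed


BLOCK = ("block-facebook", [("facebook", "deny")])
ALLOWALL = ("allowall", [("any", "permit")])

ROLE_GOOD = [BLOCK, ALLOWALL]  # blocking policy above allowall
ROLE_BAD = [ALLOWALL, BLOCK]   # blocking policy below allowall: never reached

if __name__ == "__main__":
    for name, role in (("good", ROLE_GOOD), ("bad", ROLE_BAD)):
        for host in ("www.facebook.com", "login.facebook.com", "example.org"):
            print(name, host, evaluate(role, host))
        print(name, "shadowed deny policies:", shadowed_denies(role))
```
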