I'm having some trouble making a Cisco ASA device block certain social networking sites which have become time sinks in our office. This question is really in two parts:
- Is there a reliable way to retrieve all of the IP addresses for these sites?
- It seems that Facebook's DNS servers respond with random IP addresses. A
dig
followed by annslookup
yield two different IP addresses forwww.facebook.com
.
- It seems that Facebook's DNS servers respond with random IP addresses. A
- Is there a trick to letting me add host names to Cisco ASA through Adaptive Security Device Manager (ASDM).
- I have found the URL filter, but that requires a third-party piece of software that I doubt I'll get funding for just to block these sites.
We're looking for a temporary solution until I can get Squid up and running, which may be as far out as six months (we need a network administrator, bad).
Best Answer
Who do you use as your DNS provider? If you can switch to someone like OpenDNS (it's free) they provide automatic (& very configurable) blocking of social networking sites, webmail, adult content etc.
EDIT: You don't have to change anything with your ISP either.