https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674803#M1040032 <P>Hi. I haven't been able to find the information.</P> <P>We're deploying a new virtual FMC that is going to manage 2 FTD devices (2100). This customer doesn't want to give full Internet access to this machine, they say they want to restrict to certains ports and public IP Addresses.</P> <P>&nbsp;</P> <P>How can I find which URLs/Public IP Address we need to consider? I need connection to Smart Licensing, since we will be using Smart Licenses for FTD, and I know FMC also needs to consult to the cloud for AMP analysis, VDB- Snort updates, Security Intelligence, etc.</P> <P>&nbsp;</P> <P>I appreciate if someone can help us to find out which URLs we need to permit, or how can we approach this!</P> Fri, 21 Feb 2020 16:01:15 GMT Soporteco 2020-02-21T16:01:15Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674803#M1040032 <P>Hi. I haven't been able to find the information.</P> <P>We're deploying a new virtual FMC that is going to manage 2 FTD devices (2100). This customer doesn't want to give full Internet access to this machine, they say they want to restrict to certains ports and public IP Addresses.</P> <P>&nbsp;</P> <P>How can I find which URLs/Public IP Address we need to consider? I need connection to Smart Licensing, since we will be using Smart Licenses for FTD, and I know FMC also needs to consult to the cloud for AMP analysis, VDB- Snort updates, Security Intelligence, etc.</P> <P>&nbsp;</P> <P>I appreciate if someone can help us to find out which URLs we need to permit, or how can we approach this!</P> Fri, 21 Feb 2020 16:01:15 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674803#M1040032 Soporteco 2020-02-21T16:01:15Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674810#M1040034 <P>Required ports and access for the Firepower is documented here:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security__internet_access__and_communication_ports.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security__internet_access__and_communication_ports.html</A></P> <P>&nbsp;</P> <P>From an allowed URL perspective, I know of a few that the Firepower uses (at least previously):</P> <P>support.sourcefire.com</P> <P>software.cisco.com</P> <P>intelligence.sourcefire.com</P> <P>database.brightcloud.com</P> <P>service.brightcloud.com</P> <P>&nbsp;</P> <P>My recommendation is to remove the FMC from any access restriction rules. I have had trouble with FMC downloading URL Databases when I put it through existing&nbsp;content filters/proxies etc.&nbsp;</P> Wed, 25 Jul 2018 21:11:53 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674810#M1040034 Rahul Govindan 2018-07-25T21:11:53Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674889#M1040035 thanks a lot Rahul<BR /><BR />I had already seen that document, where they explain the reason for Internet access (by feature), but URL's are not included. Unfortunately this customer insists on filtering by domains or Public IP Addresses, but I'm seeing it quite difficult. Wed, 25 Jul 2018 23:43:36 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674889#M1040035 Soporteco 2018-07-25T23:43:36Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674907#M1040036 <P>I agree with you, but the only ones I have are the ones below:</P> <P>&nbsp;</P> <P>support.sourcefire.com</P> <P>software.cisco.com</P> <P>intelligence.sourcefire.com</P> <P>database.brightcloud.com</P> <P>service.brightcloud.com</P> <P>&nbsp;</P> <P>If you can use wildcard's, then try allowing .cisco, .sourcefire and .brightcloud to the allow list. The problem with static ip addresses is that the content is mostly stored on AWS or on CDN's, which almost always changes.&nbsp;</P> Thu, 26 Jul 2018 00:19:50 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674907#M1040036 Rahul Govindan 2018-07-26T00:19:50Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674977#M1040037 <P>Hi,</P> <P>&nbsp;</P> <P>Though not consolidated, but&nbsp;all the URL's can be determined in the below 3 documents:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html</A></P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html</A></P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118791-technote-firesight-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118791-technote-firesight-00.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 26 Jul 2018 03:12:50 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3674977#M1040037 Raghunath Kulkarni 2018-07-26T03:12:50Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3675606#M1040038 <P>Thanks a lot, that's very useful.</P> <P>&nbsp;</P> <P>However, I'm still worried about the connection to Smart Licensing Portal. FTD devices use Smart Licensing, and FMC will need a connection to the cloud. I've read so many documents about Smart Licensing but none of them give me information about IP addreses or URLs.</P> Thu, 26 Jul 2018 17:29:41 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3675606#M1040038 Soporteco 2018-07-26T17:29:41Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3675924#M1040039 As far as smart licensing is concerned, we need to make sure that the URL:<BR /> <A href="https://smart-satellite.cisco.com:443" target="_blank">https://smart-satellite.cisco.com:443</A> to be resolved by the FMC at any given point in time. Fri, 27 Jul 2018 01:25:13 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3675924#M1040039 Raghunath Kulkarni 2018-07-27T01:25:13Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3676394#M1040040 <P>Hi Raghunat, but that URL is not resolvable, are you sure we need that one?</P> Fri, 27 Jul 2018 16:58:35 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3676394#M1040040 Soporteco 2018-07-27T16:58:35Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3840352#M1040041 <P>Hi Raghunath.<BR />Good solution to resolve the internet restrictions in FMC server and use smartlicense. But this no resolve the fact that we need to have the FMC witch internet connection to have a database updated, receive feeds right?</P> Wed, 17 Apr 2019 14:02:42 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3840352#M1040041 Tiago Andrade de Paula 2019-04-17T14:02:42Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3897313#M1040042 <P>The URL&nbsp;<A href="https://smart-satellite.cisco.com/" target="_blank" rel="nofollow noopener noreferrer">https://smart-satellite.cisco.com:443</A> is not accessible.</P><P>&nbsp;</P><P>Is this URL is mandatory or Is there any other URL instead of this ?</P> Thu, 25 Jul 2019 07:22:39 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/3897313#M1040042 lingesha.ts 2019-07-25T07:22:39Z https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/4031928#M1040043 <P>You can check the link :&nbsp;</P><P>&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security__internet_access__and_communication_ports.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/security__internet_access__and_communication_ports.html</A></P> Wed, 19 Feb 2020 02:40:47 GMT https://community.cisco.com/t5/network-security/fmc-with-restricted-internet-connection-need-urls/m-p/4031928#M1040043 isaac_ferreira 2020-02-19T02:40:47Z