https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908377#M1103602 <P>Dears,&nbsp;</P><P>I&nbsp; have issue with rules ,</P><P>i created 2 rules from fmc ,Rule1 deny all internet access for specific network or vlan for example server vlan 172 Network 192.168.172.0 and 172 192.168.173.0 .&nbsp;</P><P>and rule2 allow access network or vlan for example server vlan 172 Network 192.168.172.0 and 172 192.168.173.0 only for falcon.crowdstrike.com&nbsp; and windowsupdates.com .&nbsp;</P><P>I created rules like above ,rule1 deny is working blocking internet access for all servers but rule2 not working servers cant able to access falcon.crowdstrike.com&nbsp; and windowsupdates.com.&nbsp;</P><P>&nbsp;</P><P>Could you Guyz please help me resolve the above issues.&nbsp;</P><P>&nbsp;</P><P>Thank you&nbsp;</P> Sun, 20 Aug 2023 06:41:16 GMT ShareefKooliyodan0444 2023-08-20T06:41:16Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908377#M1103602 <P>Dears,&nbsp;</P><P>I&nbsp; have issue with rules ,</P><P>i created 2 rules from fmc ,Rule1 deny all internet access for specific network or vlan for example server vlan 172 Network 192.168.172.0 and 172 192.168.173.0 .&nbsp;</P><P>and rule2 allow access network or vlan for example server vlan 172 Network 192.168.172.0 and 172 192.168.173.0 only for falcon.crowdstrike.com&nbsp; and windowsupdates.com .&nbsp;</P><P>I created rules like above ,rule1 deny is working blocking internet access for all servers but rule2 not working servers cant able to access falcon.crowdstrike.com&nbsp; and windowsupdates.com.&nbsp;</P><P>&nbsp;</P><P>Could you Guyz please help me resolve the above issues.&nbsp;</P><P>&nbsp;</P><P>Thank you&nbsp;</P> Sun, 20 Aug 2023 06:41:16 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908377#M1103602 ShareefKooliyodan0444 2023-08-20T06:41:16Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908400#M1103608 <P>I had a little trouble following what your issue is.&nbsp; To my understanding it is the following:</P> <UL> <LI>Rule 1 deny rule works.</LI> <LI>Rule 2 access from VLAN 172 to crowdstrike and windowsupdate does not work.</LI> </UL> <P>Do you have NAT configured for the traffic? Run a packet-tracer to see if traffic is actually allowed through the firewall, if it is not this should give you a reason for the drop.</P> Sun, 20 Aug 2023 08:53:03 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908400#M1103608 Marius Gunnerud 2023-08-20T08:53:03Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908402#M1103609 <P>Yes, nat policy is there, also has internet access for rest of VLan.&nbsp; i need to configure restricted access for above networks.&nbsp;</P> Sun, 20 Aug 2023 09:15:47 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908402#M1103609 ShareefKooliyodan0444 2023-08-20T09:15:47Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908405#M1103611 <P>How have you confiugred the access rules then?&nbsp; using FQDN object or URL filtering?&nbsp; If using FQDN is the FTD able to resolve the URLS?</P> Sun, 20 Aug 2023 09:31:38 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908405#M1103611 Marius Gunnerud 2023-08-20T09:31:38Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908406#M1103612 <P>Please check attached , allowed from access policy as you said, but still not work .&nbsp;</P> Sun, 20 Aug 2023 09:39:59 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908406#M1103612 ShareefKooliyodan0444 2023-08-20T09:39:59Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908407#M1103613 <P>So you are using both Network object and URL.&nbsp; As long as there are no redirections happening do other URLs, I would suggest removing the URL configuration and just use the Network object.</P> Sun, 20 Aug 2023 09:45:28 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908407#M1103613 Marius Gunnerud 2023-08-20T09:45:28Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908408#M1103614 <P>I removed URL , but the same cant access&nbsp; sites . if unblock from block rule it is working but&nbsp; getting full internet access&nbsp;</P> Sun, 20 Aug 2023 09:54:59 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908408#M1103614 ShareefKooliyodan0444 2023-08-20T09:54:59Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908421#M1103615 <P>Could you post the block rule configuration please</P> Sun, 20 Aug 2023 11:58:46 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908421#M1103615 Marius Gunnerud 2023-08-20T11:58:46Z https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908758#M1103634 <P>Okay , please check attached ,its block rule.</P><P>&nbsp;</P> Mon, 21 Aug 2023 07:21:10 GMT https://community.cisco.com/t5/network-security/restricted-access-not-working-from-fmc-and-ftd-firewall/m-p/4908758#M1103634 ShareefKooliyodan0444 2023-08-21T07:21:10Z