topic Re: FTD URL filtering is not working in Network Security

FTD URL filtering is not working

Scryden2 — Wed, 13 Aug 2025 04:25:47 GMT

I manage an ISA 3000 firewall running FTD 7.4.2.3-4 using the FDM. This is for a small site with just this one firewall. There is no FMC and we do not want FMC. The device will be managed through FDM. We have all the NGFW licenses for the FTD (IPS/IDS, Malware, URL). When configuring access policies to block website categories, the URL filtering is not working at all. After trying to open any of the risky websites, say cryptocurrency or pornography websites, the websites still open just fine. When checking the hit counter of the rules, I see that the block rule never gets hit, even though it is listed before the general allow rule. See attached screenshot of my configuration. What am I doing wrong here?

PS: Do not worry about rule #2. We are testing a few things and this blanket allow rule only applies to traffic from inside vlans to other inside vlans, not towards the internet.

Re: FTD URL filtering is not working

Marvin Rhoads — Wed, 13 Aug 2025 04:49:04 GMT

Does the firewall have a DNS configuration so that it knows how to resolve and categorize URLs by their DNS entry?

Re: FTD URL filtering is not working

Scryden2 — Wed, 13 Aug 2025 04:54:24 GMT

Hi Marvin,

Yes. Please see attached screenshots. It is also able to communicate with SMARTnet and retrieve VDB and intrusion updates just fine.

Re: FTD URL filtering is not working

Marvin Rhoads — Wed, 13 Aug 2025 05:04:08 GMT

Ok, that all appears correct.

If you enter a test URL in the filtering section, does it get categorized as expected?

Re: FTD URL filtering is not working

Scryden2 — Wed, 13 Aug 2025 05:23:41 GMT

Hi Marvin,

Please disregard. I found my own mistake. I recently changed the gateway for the management interface and I punched in the wrong IP address. After updating it to the correct one the URL filtering now seems to be working.

One thing I do want to clarify though is the following:
When a URL is part of 2 separate URL categories, and I have only 1 blocked but not the other, the website is permitted. For example, I am blocking the category 'cryptocurrency' but not 'online trading'. One of the crypto websites I am testing with is in both the category 'cryptocurrency' and 'online trading', according to Cisco Talos. I can open the website just fine. This company needs to have access to trading platforms but wants to exclude crypto platforms. Is this expected behavior of the firewall and is the only way around it to manually block the URLs in question?

Re: FTD URL filtering is not working

MHM Cisco World — Wed, 13 Aug 2025 08:52:17 GMT

https://community.cisco.com/t5/network-security/difference-between-security-intelligence-and-url-filtering-on/td-p/3682603

There are two

Url filter and SI url' you can use both to achieve what you want

MHM