topic Thanks, Thats what I thought. in Network Security

Firepower URL access rule question

SIMMN — Tue, 12 Mar 2019 09:10:04 GMT

Hi,

Within FMC, if you setup a access control rule, you define the action to be allowed or deny etc. Then define the matching criteria, like network and/or services. But one question regarding the URL portion: if the action set to Allow for the rule, then what categories of URL to be selected, the permitted categories OR blocked ones?

Say, I want to allow LAN end-user web traffic outbound, but I want to block access to URL categories: Porn and Illegible... So can I do this in one rule OR I have to do two rules: one just to block those URL categories and second rule to allow web traffic?

Make a rule with action

Marvin Rhoads — Mon, 03 Apr 2017 15:31:59 GMT

Make a rule with action "block" and the URL categories you wish to block. Follow it with an allow for other traffic. Just like in an ASA, the rules are evaluated from the top down and first match ends the ACP (Access Control Policy) rule processing.

Thanks, Thats what I thought.

SIMMN — Mon, 03 Apr 2017 16:31:44 GMT

Thanks, Thats what I thought...

Comparing to other vendors, like PAN and Fortinet, their setup is using security profile (such web filter profile) to control the content blocking even the access control which has the profile associated is set to allow.

The ASA/SFR way is not much more labor effort but just different I guess...