Cisco Firepower 2130 URL Filtering

Hi there,

 

I'm new to Cisco Firepower. We are in the process of migrating from Cisco ASA 5510 to Cisco Firepower 2130. We are going to use FDM and not FMC.

My Question/Query: What is the best way to implement URL Filtering? Should I configure URL filtering in every single Access Rule, or create a single rule precisely for URL Filtering and place this rule after all the specific Access Rules (allowed IPs)?

 

Thanks in advance  

Accepted Solutions
Re: Cisco Firepower 2130 URL Filtering

There's no one right answer.

If you have the (most common) use case of allowing all inside traffic outbound to the Internet then you would typically put URL filtering rules into that rule.

Sometimes enterprises want more granular URL filtering (i.e. allow some sites or categories for one set of users and deny them for others). In that case you would create a set of rules, each with different URL Filtering policies and probably including identity context (username, group membership etc.).

Remember that Access Control Policy rules are first match and, when a match occurs, subsequent rules will not be considered (unless the action of the first match was "Monitor"). So you have to plan your rules with that in mind.
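
The first-match behaviour described in the answer above, as an added example that is not part of the original thread and not Cisco's code: a simplified Python model of an ordered rule list, showing that a URL block rule placed after a broad allow never decides traffic, plus a check that flags such shadowed rules. The rule names, networks, URL categories and default action are constructed assumptions, and the model ignores zones, ports and identity.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    sources: list                  # CIDR strings; traffic must come from one of them
    action: str                    # "ALLOW", "BLOCK" or "MONITOR"
    categories: frozenset = None   # URL categories; None means "any URL"

def evaluate(rules, src_ip, category, default_action="BLOCK"):
    """Return (deciding rule, action, Monitor rules hit on the way)."""
    monitored = []
    for r in rules:
        in_src = any(ip_address(src_ip) in ip_network(n) for n in r.sources)
        in_cat = r.categories is None or category in r.categories
        if not (in_src and in_cat):
            continue
        if r.action == "MONITOR":          # logs the match, evaluation continues
            monitored.append(r.name)
            continue
        return r.name, r.action, monitored  # first match wins, later rules are skipped
    return "default", default_action, monitored

def shadowed(rules):
    """Names of rules that can never match because a single earlier
    non-Monitor rule already matches everything they would match."""
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if earlier.action == "MONITOR":
                continue
            src_ok = all(any(ip_network(s).subnet_of(ip_network(e))
                             for e in earlier.sources) for s in later.sources)
            cat_ok = earlier.categories is None or (
                later.categories is not None
                and later.categories <= earlier.categories)
            if src_ok and cat_ok:
                out.append(later.name)
                break
    return out

# Constructed sample policy (hypothetical names, networks and categories).
MON = Rule("monitor-all", ["10.0.0.0/8"], "MONITOR")
ALLOW_OUT = Rule("inside-to-internet", ["10.0.0.0/8"], "ALLOW")
URL_BLOCK = Rule("block-gambling", ["10.0.0.0/8"], "BLOCK", frozenset({"Gambling"}))
FILTER_LAST = [MON, ALLOW_OUT, URL_BLOCK]    # URL rule after the broad allow
FILTER_FIRST = [MON, URL_BLOCK, ALLOW_OUT]   # URL rule ahead of the broad allow
```

Running `shadowed()` over an exported rule order before deployment is a quick way to catch a URL filtering rule that sits below a rule that already permits the same traffic.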

Re: Cisco Firepower 2130 URL Filtering

Got it. 

 

Thanks Marvin
