Cisco Firepower 2130 URL Filtering

sheikhrazib2766
Level 1

Hi there,

 

I'm new to Cisco Firepower. We are in the process of migrating from a Cisco ASA 5510 to a Cisco Firepower 2130. We are going to use FDM and not FMC.

 

My Question/Query: What is the best way to implement URL filtering? Should I configure URL filtering in every single Access Rule, or create a single rule precisely for URL filtering and place this rule after all the specific Access Rules (allowed IPs)?

 

Thanks in advance  

Accepted Solution

Marvin Rhoads
Hall of Fame

There's no one right answer.

If you have the (most common) use case of allowing all inside traffic outbound to the Internet then you would typically put URL filtering rules into that rule.

Sometimes enterprises want more granular URL filtering (i.e. allow some sites or categories for one set of users and deny them for others). In that case you would create a set of rules, each with different URL Filtering policies and probably including identity context (username, group membership etc.).

Remember that Access Control Policy rules are first match and, when a match occurs, subsequent rules will not be considered (unless the action of the first match was "Monitor"). So you have to plan your rules with that in mind.

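The following Python is an added illustration written for this page; it is not code from the thread and not Cisco software. It models only what the accepted answer states about Access Control Policy evaluation: rules are checked in order, the first matching non-Monitor rule decides the flow, and a matching Monitor rule is recorded but does not stop evaluation. The rule names, source networks and URL categories are constructed for the example. It compares the ordering the question proposes (per-host Allow rules first, a URL-category Block rule last) with the ordering that actually enforces the filter, and adds a simple full-shadow check of the kind a practitioner would run before pushing a policy.

```python
"""Toy model of Firepower Access Control Policy first-match evaluation.

Added illustration, not Cisco code. Models rule order, a source-network
condition, a URL-category condition, and the Allow/Block/Monitor actions
discussed in the thread. All names, networks and categories are made up.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                # "Allow", "Block" or "Monitor"
    src_nets: Tuple[str, ...] = ()             # empty tuple = any source
    url_categories: frozenset = frozenset()    # empty set = no URL condition

    def matches(self, src_ip: str, url_category: str) -> bool:
        ip = ip_address(src_ip)
        if self.src_nets and not any(ip in ip_network(n) for n in self.src_nets):
            return False
        if self.url_categories and url_category not in self.url_categories:
            return False
        return True


@dataclass
class Verdict:
    action: str                     # final action applied to the flow
    rule: Optional[str]             # rule that produced it; None = policy default action
    monitored_by: List[str] = field(default_factory=list)


def evaluate(policy, src_ip: str, url_category: str, default_action: str = "Block") -> Verdict:
    """First match wins. A matching Monitor rule is logged and evaluation continues."""
    verdict = Verdict(action=default_action, rule=None)
    for rule in policy:
        if not rule.matches(src_ip, url_category):
            continue
        if rule.action == "Monitor":
            verdict.monitored_by.append(rule.name)
            continue
        verdict.action = rule.action
        verdict.rule = rule.name
        return verdict
    return verdict                  # nothing matched: policy default action applies


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every flow that matches `later` also matches `earlier` (IPv4-only sample)."""
    if earlier.src_nets:
        if not later.src_nets:
            return False
        if not all(any(ip_network(l).subnet_of(ip_network(e)) for e in earlier.src_nets)
                   for l in later.src_nets):
            return False
    if earlier.url_categories:
        if not later.url_categories or not later.url_categories <= earlier.url_categories:
            return False
    return True


def shadowed_rules(policy) -> List[str]:
    """Rules that can never be the first match because an earlier non-Monitor rule covers them."""
    return [rule.name for i, rule in enumerate(policy)
            if any(r.action != "Monitor" and covers(r, rule) for r in policy[:i])]


# Constructed sample policies. Categories and subnets are hypothetical.
BLOCKED = frozenset({"Gambling", "Malware Sites"})

# Ordering the question proposes: specific Allow rules first, URL Block last.
URL_FILTER_LAST = (
    Rule("Allow finance hosts", "Allow", src_nets=("10.1.10.0/24",)),
    Rule("Allow engineering", "Allow", src_nets=("10.1.20.0/24",)),
    Rule("Block URL categories", "Block", url_categories=BLOCKED),
)

# Ordering that enforces the filter: Monitor for visibility, category Block
# before any Allow, then the per-host Allow rules.
URL_FILTER_FIRST = (
    Rule("Monitor all web", "Monitor"),
    Rule("Block URL categories", "Block", url_categories=BLOCKED),
    Rule("Allow finance hosts", "Allow", src_nets=("10.1.10.0/24",)),
    Rule("Allow engineering", "Allow", src_nets=("10.1.20.0/24",)),
)


if __name__ == "__main__":
    for label, policy in (("URL filter last", URL_FILTER_LAST), ("URL filter first", URL_FILTER_FIRST)):
        v = evaluate(policy, "10.1.10.5", "Gambling")
        print(f"{label}: finance host -> Gambling = {v.action} via {v.rule}, monitored by {v.monitored_by}")
        print(f"{label}: fully shadowed rules = {shadowed_rules(policy)}")
```

In the first ordering, a finance host requesting a Gambling site is allowed by "Allow finance hosts" and the Block rule is never consulted; only hosts outside the listed subnets ever reach it. Note that `shadowed_rules` reports nothing for that policy, because the Block rule is only partially shadowed (for the allowed subnets), which is exactly why a flow-level test against representative sources is worth running in addition to a static shadow check.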

Got it.

Thanks, Marvin
