cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

166
Views
0
Helpful
4
Replies
FGR Beginner
Beginner

FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

I added a few URL's to the Global-Blacklist-for-URL in FMC.

Now I get too many connection events with reason  "URL Block" 

Is there a setting turning off this type of event?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Re: FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

Depending on the rest of your Access Control Policy entries, you may be able to put in an initial rule that's designed just to block the traffic based on URL filtering (as opposed to picking it up on the Security Intelligence (SI) blacklist) and not enable logging for that rule.

As long as you are catching it via SI I think it's going to generate connection events. You can of course filter those events from your display; but they will still be logged.

View solution in original post

4 REPLIES 4
Highlighted
Hall of Fame Guru

Re: FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

Depending on the rest of your Access Control Policy entries, you may be able to put in an initial rule that's designed just to block the traffic based on URL filtering (as opposed to picking it up on the Security Intelligence (SI) blacklist) and not enable logging for that rule.

As long as you are catching it via SI I think it's going to generate connection events. You can of course filter those events from your display; but they will still be logged.

View solution in original post

FGR Beginner
Beginner

Re: FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

I was a little afraid we had to buy an URL license when using an URL rule in an Access Control Policy. This is not the case, and this works!

Beginner

Re: FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

So in this case we should remove URL From SI and add that URL in URLFilter right ?

FGR Beginner
Beginner

Re: FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

Yes, that's what I did.

 

(1) Create Blocking Access Rule for URLs with event-log off (see attachment)

(2) Remove them from Objects -> Object Management -> Security Intelligence -> URL Lists and Feeds -> Global-BlackList-for-URL