Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1647
Views
0
Helpful
4
Replies

FMC how to turn off connection events for URL added to Global-Blacklist-for-URL

Go to solution
FGR
Level 1
Level 1

‎11-07-2019 05:52 AM - edited ‎02-21-2020 09:40 AM

I added a few URL's to the Global-Blacklist-for-URL in FMC.

Now I get too many connection events with reason  "URL Block" 

Is there a setting turning off this type of event?

 

Preview file
137 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-07-2019 07:39 AM

Depending on the rest of your Access Control Policy entries, you may be able to put in an initial rule that's designed just to block the traffic based on URL filtering (as opposed to picking it up on the Security Intelligence (SI) blacklist) and not enable logging for that rule.

As long as you are catching it via SI I think it's going to generate connection events. You can of course filter those events from your display; but they will still be logged.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-07-2019 07:39 AM

Depending on the rest of your Access Control Policy entries, you may be able to put in an initial rule that's designed just to block the traffic based on URL filtering (as opposed to picking it up on the Security Intelligence (SI) blacklist) and not enable logging for that rule.

As long as you are catching it via SI I think it's going to generate connection events. You can of course filter those events from your display; but they will still be logged.

0 Helpful

Go to solution
FGR
Level 1
Level 1
In response to Marvin Rhoads

‎11-07-2019 01:08 PM - edited ‎11-07-2019 01:10 PM

I was a little afraid we had to buy an URL license when using an URL rule in an Access Control Policy. This is not the case, and this works!

Preview file
17 KB
0 Helpful

Go to solution
harmesh88
Level 1
Level 1
In response to Marvin Rhoads

‎11-11-2019 01:44 AM

So in this case we should remove URL From SI and add that URL in URLFilter right ?

0 Helpful

Go to solution
FGR
Level 1
Level 1
In response to harmesh88

‎11-11-2019 02:00 AM

Yes, that's what I did.

 

(1) Create Blocking Access Rule for URLs with event-log off (see attachment)

(2) Remove them from Objects -> Object Management -> Security Intelligence -> URL Lists and Feeds -> Global-BlackList-for-URL

 

 

 

Preview file
20 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card