asa firepower ACL

ring zer0

In Cisco ASA Firepower 6.

GroupA is a set of IP addresses. I want to block 2 URL categories, and then the rest should be allowed. I have put a default last rule as deny all.

Now for this, do I need to create 2 policies?
Policy1 - Inside to Outside, GroupA to any, 2-URL-Categories, BLOCK
Policy1 - Inside to Outside, GroupA to any, ALLOW --->> Here, because the URL categories were not called, the rest will be allowed.

In other vendor firewalls I have worked with URL groups, where I make a group and allow or deny there only, and then apply that or associate that group with any ACL. In Firepower it works a bit differently, I believe.


ankojha

Hi,

In this case, you will have to create two policies as your default policy is deny all.

Create first policy:

Policy1 - Inside to Outside, GroupA to any, 2-URL-Categories, BLOCK

Policy 2: GroupA any any allow

Please mark and rate helpful posts.

Thanks,

Ankita
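
The rule order from the reply, as a simplified first-match model with the deny-all default; it also flags the misordering in which the allow rule sits above the block rule and hides it. This is an added example, not part of the original posts and not Cisco code: the 10.10.10.0/24 range, the category labels and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the thread names neither the addresses nor the categories.
GROUP_A = [ipaddress.ip_network("10.10.10.0/24")]
BLOCKED_CATEGORIES = {"CategoryX", "CategoryY"}

# Ordered rules as in the reply; categories=None means "no URL condition".
RULES = [
    {"name": "Policy1", "src": GROUP_A, "categories": BLOCKED_CATEGORIES, "action": "BLOCK"},
    {"name": "Policy2", "src": GROUP_A, "categories": None, "action": "ALLOW"},
]
DEFAULT_ACTION = "BLOCK"  # the "deny all" default from the question


def matches(rule, src_ip, category):
    in_src = any(ipaddress.ip_address(src_ip) in net for net in rule["src"])
    in_cat = rule["categories"] is None or category in rule["categories"]
    return in_src and in_cat


def evaluate(rules, src_ip, category):
    """Return (rule name, action) of the first matching rule, else the default."""
    for rule in rules:
        if matches(rule, src_ip, category):
            return rule["name"], rule["action"]
    return "default", DEFAULT_ACTION


def shadowed(rules):
    """Names of rules that can never match because an earlier rule with the
    same or wider source and URL conditions always matches first."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            src_covered = all(any(n.subnet_of(e) for e in earlier["src"]) for n in later["src"])
            cat_covered = earlier["categories"] is None or (
                later["categories"] is not None and later["categories"] <= earlier["categories"])
            if src_covered and cat_covered:
                hidden.append(later["name"])
                break
    return hidden


if __name__ == "__main__":
    for ip, cat in [("10.10.10.5", "CategoryX"), ("10.10.10.5", "News"), ("10.20.0.9", "News")]:
        print(ip, cat, evaluate(RULES, ip, cat))
    print("shadowed in reply order:", shadowed(RULES))
    print("shadowed if reversed:", shadowed(list(reversed(RULES))))
```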
