Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
0
Helpful
2
Replies

5506-x Firepower does file blocking work?

mabouchard
Level 1
Level 1

‎07-13-2016 02:50 PM - edited ‎03-10-2019 06:38 AM

I have a 5506-x with Firepower. The version is 6.0.1.1(24) and managed with ASDM. I had the Access control policy working for URL and Application filtering and it was working fine. Both of these rules in the Policy were block rules. When I tried to add another rule and apply a file policy to deny .MP4 files it did not appear to work. After trying all kinds of variations, orders, and settings I decided to disable the URL and Application rules from the policy and only have a single rule for the file blocking. The rule itself is a Allow rule but the file policy that is referenced blocks .MP4 file extensions and it does not work and does appear that it is getting triggered by the Firepower monitoring via ASDM. Originally in the file policy I had any protocol, any direction but have also tried HTTP and FTP for the protocol and download for the direction and it still does not work. I am beginning to wonder if this function is supported on the 5506.

Any help appreciated.

Labels:
0 Helpful
2 Replies 2

yogdhanu
Cisco Employee
Cisco Employee

‎07-13-2016 07:51 PM

Hi File blocking does work and if the right policies are configured, then transfer of MP4 file should be blocked.

Did the URL rule work when they were their ? Trying to verify if the traffic is passing through the firepower module or no.

You can use the CLI debug to see which rule the traffic hits.

>system support firewall-engine-debug

Enter the source or destination IP and check the output.

Rate if helps,

Yogesh

0 Helpful

Jetsy Mathew
Cisco Employee
Cisco Employee

‎07-13-2016 09:42 PM

Hello Team,

FTP and HTTP file transfer  will be blocked without any errors if the Firepower detects that specific traffic. We have tested  this several times in our lab and it has became successful for all the customers .Thus please make sure that the traffic is passing through the Firepower itself. Also verify the configuration part once again using the following link

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AMP-Config.html

Rate if the post helps you.

Regards

Jetsy 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card