
ASA 5506 with FTD image, strange problems

slv_slv
Level 1

Hi all,

I've recently reimaged an ASA 5506X to FTD 6.2.3.16-59, activated evaluation licences (all possible) and configured it for my home purposes.

Screenshot_57.jpg

Initially I had the idea to enable the Security Intelligence option for network and URL ... as a result of this I lost DNS connectivity, so I decided to disable this option totally. In Events there was not a single entry with filter "Rule Action!=Trust" so I have no clue why I lost DNS connectivity, even to OpenDNS servers.

As a next step I created a few policies like below:

Rule number "3" should block every webpage related to whisky manufacturers, but it doesn't. Those kinds of webpages load much, much slower, but in the end they are able to load. Why?

Rule number "4" I also disabled (in Allow mode instead of Block) because it's not working correctly (not making any log entries, i.e. for the EICAR virus).

I've added rule "2" to avoid the DNS problem when I enabled Security Intelligence. Without success.

I don't currently have the option to have FMC, that's why I decided to use the built-in Firepower Device Manager.

Is it really necessary to manage a home FTD by FMC? I don't have huge requirements, I just want to have at least logs which will tell me what the reason for blocking is, etc.

Do you have any idea what has happened to me? Any advice on what to do to get it working correctly?

With regards

SLawek

2 Replies

slv_slv
Level 1

This is a dashboard view after 10h of normal home activity (2 people WFH, 2 children on remote learning)

Screenshot_58.jpg

slv_slv
Level 1

Hi again
It seems that most of my problems are related to one setting: Logging > Select log action - you HAVE to choose "At Beginning and End of Connection" or "At End of Connection" - initially I thought that those settings are only relevant if you have an external Syslog server. I was wrong.

Now I have URL hits, and the other expected logs.

The biggest surprise was with URL filtering. This policy is not working for webpages these days, as most web servers are using SSL these days. I'm expecting to block websites based on the SNI part of the SSL cert. How do I get this implemented on my FTD? Is it possible?

Regards

Slawek
