09-28-2020 03:32 AM - edited 09-28-2020 04:28 AM
Time and again I keep getting requests to block xyz.com on Firepower.
Is there a way to check if a particular URL is already blocked on Firepower's SI or something like that?
I am on FMC 6.4
Solved! Go to Solution.
09-28-2020 11:18 PM - edited 09-28-2020 11:32 PM
+5 manabans.
Shawh, If its blocked by FP, you should it see it in FMC connection events as
blocked (assuming that you enabled logging for the rules that use SI). The categorization will show where it falls but not if blocked or not.
***** please remember to rate useful posts
09-28-2020 10:19 AM
You can manually look up the category and reputation of URLs. Login to FMC UI, navigate to Analysis > Advanced > URL, enter the particular URL, and search.
09-29-2020 12:39 AM
Thank you.
Yes, I looked up the URL, the news ones almost always come up as 'Category / Risk : Unknown', so Firepower won't block them.
09-28-2020 11:18 PM - edited 09-28-2020 11:32 PM
+5 manabans.
Shawh, If its blocked by FP, you should it see it in FMC connection events as
blocked (assuming that you enabled logging for the rules that use SI). The categorization will show where it falls but not if blocked or not.
***** please remember to rate useful posts
09-29-2020 12:43 AM
Thank you, Mohammed.
Precisely what I was looking for. The Risk / Category comes up as unknown, so my policies don't work.
But thanks, your answer was on point.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide