06-10-2019 06:45 PM - edited 02-21-2020 09:12 AM
Hi there,
I'm new to Cisco Firepower. We are in the process of migrating from a Cisco ASA 5510 to a Cisco Firepower 2130. We are going to use FDM and not FMC.
My Question/Query: What is the best way to implement URL Filtering? Should I configure URL filtering in every single Access Rule, or create a single rule precisely for URL Filtering and place this rule after all the specific Access Rules (allowed IPs)?
Thanks in advance
06-10-2019 07:40 PM
There's no one right answer.
If you have the (most common) use case of allowing all inside traffic outbound to the Internet then you would typically put URL filtering rules into that rule.
Sometimes enterprises want more granular URL filtering (i.e. allow some sites or categories for one set of users and deny them for others). In that case you would create a set of rules, each with different URL Filtering policies and probably including identity context (username, group membership etc.).
Remember that Access Control Policy rules are first match and, when a match occurs, subsequent rules will not be considered (unless the action of the first match was "Monitor"). So you have to plan your rules with that in mind.
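The first-match behaviour described in the answer above, as an added example that is not part of the original posts and is not FDM or Firepower code: a small Python model that evaluates the same rules in two orders and flags rules that can never decide traffic. The rule names, zone, group and category values are constructed, and the `BLOCK` default action is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

FIELDS = ("src_zone", "group", "url_category")

@dataclass
class Rule:                              # hypothetical model, not an FDM object
    name: str
    action: str                          # "ALLOW", "BLOCK" or "MONITOR"
    src_zone: Optional[str] = None       # None = rule does not constrain this field
    group: Optional[str] = None          # identity context (user group)
    url_category: Optional[str] = None

    def matches(self, conn):
        return all(getattr(self, f) in (None, conn.get(f)) for f in FIELDS)

def evaluate(rules, conn, default="BLOCK"):
    """First match wins; a MONITOR match is recorded and evaluation continues."""
    monitored = []
    for rule in rules:
        if not rule.matches(conn):
            continue
        if rule.action == "MONITOR":
            monitored.append(rule.name)
            continue
        return rule.action, rule.name, monitored
    return default, "default-action", monitored   # assumed default action

def shadowed(rules):
    """(rule, blocker) pairs where an earlier non-MONITOR rule covers every field."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covers = all(getattr(earlier, f) in (None, getattr(later, f)) for f in FIELDS)
            if earlier.action != "MONITOR" and covers:
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed rules: the same four rules in two different orders.
ALLOW_OUT = Rule("inside-outbound", "ALLOW", src_zone="inside")
BLOCK_GAMBLING = Rule("block-gambling", "BLOCK", src_zone="inside", url_category="Gambling")
STAFF_SOCIAL = Rule("staff-no-social", "BLOCK", src_zone="inside", group="Staff",
                    url_category="Social Network")
LOG_SOCIAL = Rule("log-social", "MONITOR", url_category="Social Network")
URL_RULES_LAST = [ALLOW_OUT, BLOCK_GAMBLING, STAFF_SOCIAL, LOG_SOCIAL]
URL_RULES_FIRST = [LOG_SOCIAL, BLOCK_GAMBLING, STAFF_SOCIAL, ALLOW_OUT]

if __name__ == "__main__":
    conn = {"src_zone": "inside", "group": "Staff", "url_category": "Gambling"}
    print(evaluate(URL_RULES_LAST, conn), shadowed(URL_RULES_LAST))
    print(evaluate(URL_RULES_FIRST, conn), shadowed(URL_RULES_FIRST))
```

With the broad allow rule first, both URL block rules are reported as shadowed; with the URL rules first, nothing is shadowed and the Monitor rule still logs before a later rule decides.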
06-12-2019 04:38 PM
Got it.
Thanks Marvin