Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am testing a Cisco Firepower 1010 physical appliance running FTD 7.2.5 in standalone mode. The device is currently in Evaluation mode (no licenses applied).
Observed behavior:
Internet traffic works when allowed in Access Control.
Internet traffic doesnt work when blocked below allowed rules in Access Control.
Malware test URLs (EICAR) are not blocked
Threat / malware sites are allowed
All URLs appear as Uncategorized in event logs
“Malware & File” policy option is not visible in GUI
URL category-based rules never match
I have verified:
Access Control policies are applied correctly
DNS and HTTP/HTTPS are allowed when configured under ports however doesnt work when allowed under Applications.
Logging is enabled
SSL decryption is disabled
My questions:
Are Malware, URL Filtering, and IPS enforcement disabled by design in Evaluation mode?
Is a valid Malware / URL / Threat license mandatory for:
Malware blocking
URL categorization
Talos reputation verdicts?
Is it expected that all URLs show as Uncategorized without URL license?
Please confirm if this behavior is expected and license-dependent, or if there is any limitation specific to FTD 7.2.5.
It needs to work, however you need to first perform content updates, for URL and Malware. Also, from device configuration, ensure all licenses are checked.
