cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1280
Views
10
Helpful
3
Replies

Cisco FTD URLs

ciscoworlds
Enthusiast
Enthusiast

Hi;

What is difference between URLs configured on "Object Management > Security Intelligence > URL Lists and Feeds" page and "URL" object located in "Object Management > URL"?

Cisco FTD: Configuration and Troubleshooting book from Ciscopress said that if we need to allow an special URL inside a completely banned URL category, we should create a URL object in "Object Management > URL" and use it inside an another access control rule to allow that URL. So, can't we put that URL inside "Global Whitelist for URL" on "Object Management > Security Intelligence > URL Lists and Feeds" page?

fmc0.png

1 Accepted Solution

Accepted Solutions

Bogdan Nita
Rising star
Rising star

Security Intelligence uses reputation to quickly block connections to or from known malicious IPs or URLs.

The white list in the security intelligence is effectively used for false positive IPs and URLs. If you add a URL to the white list in the security intelligence, traffic from to that URL may be dropped later according to the configured polices.

So most of the time you would use Object Management URLs, but if the URL is blocked because of the security Intelligence you may need to add it to the security intelligence URL white-list.

 

HTH

Bogdan

View solution in original post

3 Replies 3

Bogdan Nita
Rising star
Rising star

Security Intelligence uses reputation to quickly block connections to or from known malicious IPs or URLs.

The white list in the security intelligence is effectively used for false positive IPs and URLs. If you add a URL to the white list in the security intelligence, traffic from to that URL may be dropped later according to the configured polices.

So most of the time you would use Object Management URLs, but if the URL is blocked because of the security Intelligence you may need to add it to the security intelligence URL white-list.

 

HTH

Bogdan

Thank you. This is what I'd missed :)

I have a customer with ASA who has 1000+ Objects and ACL rules. They want to understand if they move to FTD can this ruleset be simplified and easier to manage adds moves and changes. They have a huge problem managing direct access to Office 365 as the URLs and IP addresses change all the time.

 

Is there possibly a category in FPWR URL filtering that would cover all O365 access?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers