Cisco FTD URLs

ciscoworlds
Level 4

Hi;

What is the difference between URLs configured on the "Object Management > Security Intelligence > URL Lists and Feeds" page and the "URL" object located in "Object Management > URL"?

The Cisco FTD: Configuration and Troubleshooting book from Ciscopress said that if we need to allow a special URL inside a completely banned URL category, we should create a URL object in "Object Management > URL" and use it inside another access control rule to allow that URL. So, can't we put that URL inside "Global Whitelist for URL" on the "Object Management > Security Intelligence > URL Lists and Feeds" page?


1 Accepted Solution

Accepted Solutions

Bogdan Nita
VIP Alumni

Security Intelligence uses reputation to quickly block connections to or from known malicious IPs or URLs.

The white list in the Security Intelligence is effectively used for false positive IPs and URLs. If you add a URL to the white list in the Security Intelligence, traffic from or to that URL may be dropped later according to the configured policies.

So most of the time you would use Object Management URLs, but if the URL is blocked because of the Security Intelligence you may need to add it to the Security Intelligence URL white-list.


HTH

Bogdan
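
The two stages described in the answer above, as an added example that is not part of the original post and is not Cisco code. It is a simplified model that assumes Security Intelligence is checked before the access control rules and that rules match top down; every hostname, category and rule name in it is constructed.

```python
# Simplified model of the two stages discussed above; not Cisco code.
# All hostnames, categories and rule names are constructed for illustration.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "block"
    urls: frozenset = frozenset()        # URL objects (Object Management > URL)
    categories: frozenset = frozenset()  # URL categories

CATEGORY_OF = {  # constructed category lookup
    "partner.example": "Gambling",
    "casino.example": "Gambling",
    "flagged.example": "Business",
}

def evaluate(host, si_block, si_white, rules, default="block"):
    """Return (deciding stage or rule, decision) for a host."""
    # Stage 1: Security Intelligence. The white list only cancels a
    # block-list hit; it never allows the connection by itself.
    if host in si_block and host not in si_white:
        return ("security-intelligence", "block")
    # Stage 2: access control rules, first match wins (assumed top down).
    category = CATEGORY_OF.get(host)
    for rule in rules:
        if host in rule.urls or category in rule.categories:
            return (rule.name, rule.action)
    return ("default-action", default)

RULES = [
    Rule("allow-partner", "allow", urls=frozenset({"partner.example"})),
    Rule("block-gambling", "block", categories=frozenset({"Gambling"})),
    Rule("allow-business", "allow", categories=frozenset({"Business"})),
]
SI_BLOCK = {"flagged.example"}  # constructed reputation hit (false positive)

def demo():
    wl = {"flagged.example", "casino.example"}
    return {
        "url_object_exception": evaluate("partner.example", SI_BLOCK, set(), RULES),
        "category_block": evaluate("casino.example", SI_BLOCK, set(), RULES),
        "si_false_positive": evaluate("flagged.example", SI_BLOCK, set(), RULES),
        "si_whitelisted": evaluate("flagged.example", SI_BLOCK, wl, RULES),
        "whitelist_is_not_allow": evaluate("casino.example", SI_BLOCK, wl, RULES),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24} -> {result}")
```

The last case is the one the question asks about: a white-listed host in a blocked category is still dropped by the category rule, so the exception has to be a URL object in an allow rule placed above it.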

Thank you. This is what I'd missed :)

I have a customer with ASA who has 1000+ objects and ACL rules. They want to understand whether, if they move to FTD, this ruleset can be simplified and made easier to manage for adds, moves and changes. They have a huge problem managing direct access to Office 365 as the URLs and IP addresses change all the time.


Is there possibly a category in FPWR URL filtering that would cover all O365 access?
