Facebook URL is not blocking on cisco ASA 5512 firepower

Muhammad Amin Zia · ‎07-04-2018

Hello experts I am trying to block facebook url for my lan users but when I create a policy with action block and writing a url "www.facebook.com" on it. It is not blocking facebook web for my lan users. any help would be highly appreciated.

Note : I dont want to change anything on my asa via command line, I just want to add url on firesight to block the facebook login web page.

Marvin Rhoads · ‎07-04-2018

Do you have the URL filtering license applied to the module?

Can you share a screenshot of your Access Control Policy rule? It should look somethings like this (confirmed to work on my lab device):

Muhammad Amin Zia · ‎07-04-2018

Please found the attached screenshot also my rule is at the top of the list i.e. it is rule 1 from source any and destination any

Marvin Rhoads · ‎07-05-2018

Can you show me the overall ACP screenshot with all of the rules listed?

Also can you confirm that it has been successfully deployed to the module?

Muhammad Amin Zia · ‎07-08-2018

I am sorry but i cannot share the overall rules list.

Marvin Rhoads · ‎07-09-2018

You may want to contact Cisco TAC if you cannot share the details here for the configuration you are asking for help troubleshooting.

The feature definitely works - I have tested it successfully in my lab as well as deployed it in production customer networks.

Muhammad Amin Zia · ‎07-10-2018

thank you for your reply is there any otherway to block this URL completely with all of its content. Also please let me know either the allow rules come first in the rule sequence or block rules come first.

Marvin Rhoads · ‎07-10-2018

There are usually several ways to accomplish a given task. The one I recommended matches how Cisco teaches it and it works.

Rules are first match, evaluated from top (i.e. #1) down. Once you get a match (whether it is a allow or block or whatever), subsequent rules will not be evaluated. So give thought to how you order your rule sequence.