Firepower ACL rule with AD account is NOT working...

eeebbunee
Level 1

Dear Experts,

 

For some reason, rules in the ACL don't work, especially rules with AD accounts (users).

For example, 

We have an allow rule for indeed.com and linkedin.com for specific users, and the last rule blocks those websites.

ftdissue.PNG

 

However, linkedin.com works for some users following the rule (above); on the contrary, indeed is blocked for everyone.

 

Can anyone suggest a solution for me?

 

 

Thank you very much.

 

8 Replies

Francesco Molino
VIP Alumni

Hi

 

Can you share the log showing indeed being blocked, please, with the info you see in the URL column?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello Francesco!

please see my rules:

 

Block Log is following:

Block Log.PNG

 

The allow rule is placed at rule #46 and the detailed URLs are below:

ftdissue.PNG

Allow rule det.PNG

 

The reason why I put https://indeed.com and Indeed.com separately is that none of the forms of the URL work.

(http://www.indeed.com, https://indeed.com, indeed.com: those all give the same result.)

 

And my block rule is placed at 52, which is the last match.

block_det.PNG

 

 

 

 

Can you change your object to have the value indeed.com only? You're going to https://www.indeed.com but you configured https://indeed.com.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
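The mismatch Francesco points at can be reproduced with a small model of first-match access control evaluation. This is an added example, not code from the thread or from Cisco: it assumes that a URL object matches as a substring of the requested URL (so a value that carries a scheme only matches URLs with that exact prefix), that rules are checked top-down with the first match winning, and it uses constructed rule numbers, users and URLs.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    number: int
    action: str                               # "allow" or "block"
    urls: list                                # URL object values attached to the rule
    users: set = field(default_factory=set)   # empty set = any user (identity not checked)

def url_matches(obj_value: str, requested: str) -> bool:
    # Assumed substring semantics: the object value must appear inside the
    # requested URL, case-insensitively. "https://indeed.com" therefore does
    # NOT appear inside "https://www.indeed.com/...", while "indeed.com" does.
    return obj_value.lower() in requested.lower()

def evaluate(policy, user, requested_url):
    """Return (rule number, action) of the first matching rule, or (None, 'default')."""
    for rule in policy:
        if rule.users and user not in rule.users:   # identity condition
            continue
        if any(url_matches(u, requested_url) for u in rule.urls):
            return rule.number, rule.action
    return None, "default"

# Constructed policy mirroring the thread: allow rule #46 for a named AD user,
# block rule #52 last. The allow object for indeed carries a scheme.
BROKEN_POLICY = [
    Rule(46, "allow", ["https://indeed.com", "linkedin.com"], {"DOMAIN\\alice"}),
    Rule(52, "block", ["indeed.com", "linkedin.com"]),
]

# Same policy after changing the object value to a bare host, as suggested.
FIXED_POLICY = [
    Rule(46, "allow", ["indeed.com", "linkedin.com"], {"DOMAIN\\alice"}),
    Rule(52, "block", ["indeed.com", "linkedin.com"]),
]

if __name__ == "__main__":
    for policy_name, policy in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        for url in ("https://www.linkedin.com/feed", "https://www.indeed.com/jobs"):
            print(policy_name, url, evaluate(policy, "DOMAIN\\alice", url))
```

With the scheme-prefixed object the request for www.indeed.com falls through rule 46 and hits the block rule, while LinkedIn (a bare-host object) is allowed, which is the asymmetry the original post describes.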

Allow rule det.PNG

I have changed the URL to indeed.com only, but still no luck... I don't get why I can reach LinkedIn but not Indeed with the same rule.

Do you think our Firepower has an issue?

 

 

Can you share an output of your connection events please?

Also, could you run a system support trace in the CLISH and share the output?

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

SinghRaminder
Level 1

Can you provide us the output of:

Packet-tracer input inside tcp user <YOUR USER IN QUESTION> 12345 fqdn indeed.com 443

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Hello,

 

When I typed the CLI command, it gave me an error:

clierror.PNG

 

Is this command related to the Firepower OS version?

Our current version is 6.2.3, and we will upgrade this weekend.

 

Thank you!

SinghRaminder
Level 1

Try this please

Packet-tracer input inside tcp user <YOUR DOMAIN\sweeney.kim> 12345 fqdn indeed.com 443

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer