
Firepower Blocking Legit Traffic

jberrios
Level 1

Good morning,

I am new to Cisco Firepower, but I believe this device may be blocking legitimate traffic at my office. I have an end user who is stating they are trying to sign electronic documentation. I asked them to give me the link for a test box I have, and I experience the same result. The page loads successfully and I can see from within the Firepower that the action is Allow to the public IP of the site. However, it just times out on loading the documents that need to be signed.

If I copy that link to a company device that is outside of the network, the documents load successfully. I suppose my question is, where within the Firepower should I look for blocked applications/traffic?

Accepted Solutions

jberrios
Level 1

Thank you for your response BB,

It turned out to be Outgoing Geoblocking that was causing the issue. We logged into the FTD directly and issued a "System Support Trace" command and used the internal IP address of the test box to see which rules were interfering. We were also able to use this command to grab the public IPs that were being blocked as well as create a rule to allow cloud services to AWS and Azure through.
