12-07-2022 08:42 AM
Good morning,
I am new to Cisco Firepower, but I believe this device may be blocking legitimate traffic at my office. I have an end user that is stating they are trying to sign electronic documentation. I asked them to give me the link for a test box I have, and I experience the same result. The page loads successfully and I can see from within the Firepower the action is Allow to the public IP of the site. However, it just times out on loading the documents that need to be signed.
If I copy that link to a company device that is outside of the network, the documents load successfully. I suppose my question is, where within the Firepower should I look for blocked applications/traffic?
12-07-2022 09:03 AM
Analysis --> Security Intelligence events
Check the guide below.
12-30-2022 05:02 AM
Thank you for your response BB,
It turned out to be Outgoing Geoblocking that was causing the issue. We logged into the FTD directly and issued a "System Support Trace" command and used the internal IP address of the test box to see which rules were interfering. We were also able to use this command to grab the public IPs that were being blocked as well as create a rule to allow cloud services to AWS and Azure through.