09-18-2024 05:36 AM
My understanding is that URL feeds in FirePower SI are updated dynamically and take effect w/o having to do a policy deploy to the FTD. Does the same apply to custom URL feeds used in an ACP rule? My idea would be to create a custom URL feed on a local web server which is then used in an ACP rule. Local admins would have access to the URL feed file on the webserver and can edit this file(s) to block or allow URLs w/o having access to the FMC or FTD. Will this work?
TIA
09-18-2024 06:06 AM
@tato386 yes, create the custom URL feed and define an update frequency for the FMC to automatically check for updates; the policy should not need to be deployed.
09-18-2024 08:46 AM
Cool. Is there a file or folder on the FTD that I can use to check the status of this feed? I know I can just test by generating some traffic that matches the ACP rule, but it seems easier just to SSH into the FTD and poke around.
09-18-2024 08:53 AM
09-18-2024 12:15 PM - edited 09-18-2024 12:15 PM
FTD gets the update pretty quick from the FMC, nice.
you da man!
09-20-2024 04:37 AM
Why do you correct the URLs received from Talos? And even if you remove some URLs, you need to do this process each time Talos sends an update.
So there are two lists:
Block-list and Do-not-block-list
Add the URLs you need to allow under the block list,
and this way you don't need to add/remove URLs from the Talos list each time.
09-20-2024 11:40 AM
Hello @MHM Cisco World
I am not interfering with the lists provided by Talos. I am adding additional custom URL feeds for domains that do not appear in Talos. These URL feeds will be used in ACP rules, not SI. For example, let's say I have an ACP rule that blocks the category "Shopping" but I need to make an exception for amazon.com (the users will kill me if I don't allow Amazon, right?). Adding it to SI global-do-not-block will not bypass the ACP block of "shopping" sites. However, I can add an ACP rule before the shopping rule that references my custom URL feed.
Obviously, I can just add URLs manually to this rule, but that would require access to FMC and a deployment to the FTD. By storing this feed on a protected server share we can allow authorized non-tech, non-FMC users to add exceptions for domains and also have the change take effect within minutes without needing a deploy.
We can do similar with domains that we want blocked but in that case I would use the custom feed directly in SI because a block in SI is final and will not go to the ACP.
HTH
09-23-2024 03:08 AM
Friends, there is FQDN, DNS and URL.
So I think you are talking about using FQDN, not URL; URL is always done in SI.
Can I see the ACP you use?
Thanks a lot
MHM
09-23-2024 11:20 AM
If you create custom feeds they will be available for use in ACP rules. In my case the feed files are simple text files that look like this:
domain1.com
domain2.com
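Since the feed file above is edited by hand by non-FMC admins before the FMC polls it, a small pre-publish check catches the typical mistakes (pasted full URLs, mixed case, duplicates, stray comments, malformed hostnames) before a bad line reaches the ACP rule. The script below is an added example written for this thread, not Cisco code and not the original poster's own tooling. It assumes only the format shown in the post (one domain per line); comment handling, scheme stripping, the output filename and the optional MD5 sidecar file are this example's own conventions and are labelled as assumptions in the code.

```python
"""Validate and publish a hand-maintained custom URL-feed file (example code, not Cisco's).

Assumed feed format: plain text, one domain per line, as shown in the thread.
Everything else here (comments after '#', stripping schemes/paths, the .md5
sidecar, the file name) is this example's own assumption.
"""
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# One DNS label: 1-63 chars of letters, digits and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_domain(host: str) -> bool:
    """Conservative hostname check: dotted labels, alphabetic-ish TLD, no bare IPs."""
    if not host or len(host) > 253 or "." not in host:
        return False
    labels = host.split(".")
    return all(_LABEL.match(label) for label in labels) and not labels[-1].isdigit()


def normalize_entry(raw: str):
    """Return (domain, None) for a usable line, (None, reason) for a rejected one,
    or (None, None) for a blank/comment line that is silently skipped."""
    line = raw.split("#", 1)[0].strip().lower()   # assumption: '#' starts a comment
    if not line:
        return None, None
    # Assumption: admins sometimes paste a full URL; keep only the host part.
    if "://" in line:
        host = urlsplit(line).hostname or ""
    else:
        host = line.split("/", 1)[0].split(":", 1)[0]
    if not is_valid_domain(host):
        return None, f"invalid domain: {raw.strip()!r}"
    return host, None


def normalize_feed(text: str):
    """Clean a whole feed file: returns (accepted domains in order, rejection reasons)."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        host, reason = normalize_entry(raw)
        if reason:
            rejected.append(reason)
        elif host and host not in seen:   # drop duplicates, keep first occurrence
            seen.add(host)
            accepted.append(host)
    return accepted, rejected


def render_feed(entries) -> str:
    """Serialise to the one-domain-per-line format the thread shows."""
    return "".join(f"{e}\n" for e in entries)


def feed_digest(content: str) -> str:
    """MD5 of the feed body; used for a change-detection sidecar (assumed convention)."""
    return hashlib.md5(content.encode()).hexdigest()


def publish_feed(entries, feed_path: Path) -> str:
    """Write the cleaned feed plus a <name>.md5 sidecar; returns the digest."""
    content = render_feed(entries)
    feed_path.write_text(content)
    feed_path.with_suffix(feed_path.suffix + ".md5").write_text(feed_digest(content) + "\n")
    return feed_digest(content)


if __name__ == "__main__":
    # Constructed sample of what an admin might hand-edit into the feed file.
    sample = (
        "Amazon.com   # shopping exception\n"
        "https://www.example.com/some/path\n"
        "\n"
        "domain1.com\n"
        "domain1.com\n"
        "bad_host\n"
    )
    accepted, rejected = normalize_feed(sample)
    for reason in rejected:
        print("REJECTED:", reason)
    # Hypothetical output file name; point the FMC feed URL at wherever this is served.
    print("published", publish_feed(accepted, Path("url-feed-exceptions.txt")))
```

Run it as a pre-commit or cron step on the web server that hosts the feed: the cleaned file is what the FMC fetches on its update interval, rejected lines are reported instead of silently becoming no-op or overly broad entries, and write access to the source file stays limited to the admins who are allowed to add exceptions.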