Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
0
Helpful
4
Replies

FirePower License

Go to solution
ahusseinabdallah
Level 1
Level 1

‎03-25-2019 10:54 PM

Hi, All

I have ASA 5525 with SFR and firepower, the license expired and I cannot renew it at this time, my question can I skip the policy rules in firepower and allow users to access some websites blocked by the access rule and can I give the management to ASA appliance and control the user access to website by the CLI access list.

 

Your cooperation is appreciated

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ahusseinabdallah

‎03-26-2019 08:15 PM

The Firepower service module evaluates traffic based on its configured ACP and the fact that the ASA redirected traffic to it via the service policy +policy map +class map configuration.

If you just remove the service policy from the ASA configuration it will bypass the module altogether (along with any rules configured on it).

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Abheesh Kumar
VIP Alumni
VIP Alumni

‎03-26-2019 12:26 AM

Hi,
You can do this with ASA access list disable the rule in ACP and create a acl like below in ASA
for example to block some fqdn
!
object network google.com
fqdn google.com
object network cisco.com
fqdn cisco.com
!
object-group network DOMAIN-BLOCK
network-object object google.com
network-object object cisco.com
!
access-list INSIDE extended deny ip any object-group DOMAIN-BLOCK
!
access-group INSIDE in interface Inside

 

Hope This Heps

Abheesh

0 Helpful

Go to solution
ahusseinabdallah
Level 1
Level 1
In response to Abheesh Kumar

‎03-26-2019 02:03 AM

Thanks for the reply, but I mean that the firepower rule deny some websites and I can't change the rule because the license expired, I need to bypass the traffic to managed by ASA CLI.

 

thanks

 

0 Helpful

Go to solution
Abheesh Kumar
VIP Alumni
VIP Alumni
In response to ahusseinabdallah

‎03-26-2019 10:55 AM

Hi,
Why cant you try to disable the rule or delete the firewall from license page which is bind to URL filtering.

Hope This Helps
Abheesh
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ahusseinabdallah

‎03-26-2019 08:15 PM

The Firepower service module evaluates traffic based on its configured ACP and the fact that the ASA redirected traffic to it via the service policy +policy map +class map configuration.

If you just remove the service policy from the ASA configuration it will bypass the module altogether (along with any rules configured on it).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card