Firepower Rule limit to adding URL

Muhammad Amin Zia · ‎07-08-2018

Hello experts Once again I am here to discuss my issue with you guys. In my firesight whenever I add any rule for blocking URL's that rule has limit to add only 50 URL's in one rule. I need to know how to increase this limit because i don't want to add rule again and again when its 50 limit threshold has reached. Is there any possible solution?

Marvin Rhoads · ‎07-09-2018

Have you considered using a DNS list in Security Intelligence section as opposed to an URL filtering policy?

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/reusable_objects.html#ID-2243-00000135

https://packetu.com/2016/07/03/understanding-firepower-dns-policies/

Muhammad Amin Zia · ‎07-10-2018

Thank you for your reply but I have checked the option it has ip blocking option but cannot block URL. I need to increase the URL counting more then 50 in rule set.

Marvin Rhoads · ‎07-10-2018

I don't know where you see the limitation on blocking URLs.

URLs are included in the custom feed options and they are quite scalable. As noted in the configuration guide:

"The number of entries you can include is limited by the maximum size of the file. For example, a URL list with no comments and an average URL length of 100 characters (including Punycode or percent Unicode representations and newlines) can contain more than 5.24 million entries."

Muhammad Amin Zia · ‎07-11-2018

thats great Marvin further can you share me the gui steps or any link for configure to block URLs

Rahul Govindan · ‎07-11-2018

The 50 limit rule is when you add url's directly into the rule. This limitation is present for applications as well. In addition to what @Marvin Rhoads mentioned, you can create a url object group and add more than 50 url's to that. You can then call the url object group into the rule.

Muhammad Amin Zia · ‎07-11-2018

Great can you tell me how many URL's can be added in one URL object group?

Rahul Govindan · ‎07-12-2018

I don't recall a limit on this. I have added 150+ URL's using API's to a single object.

Muhammad Amin Zia · ‎07-12-2018

Ok and brother when i start adding url there are only 2 options for URL one is individual object and other is object group and each individual object can add only 1 URL on this way if i have to add 150 URL i have to create individual 150 objects and then those object will be called in a single object group and single object group will be called in a rule. I wonder is there any limit for adding individual objects??? Also is their any way to add multiple url directly in object group ??? Instead of individual objects. Your help will be highly appreciated

Rahul Govindan · ‎07-13-2018

Yes you can. You can manually add URL's like I have attached below:

You can also use API's under the FMC API explorer to add multiple URL's is one go. A sample of what I used is here:

{
"name": "Test_URL_Object",
"literals": [
  {
      "url": "cisco.com",
      "type": "Url"
    },
  {
      "url": "apple.com",
      "type": "Url"
    }
],
"type": "UrlGroup"
}

Muhammad Amin Zia · ‎07-13-2018

look in the attached screenshot I am not getting option to add URL individually. I only have an option to add URL into individual object group then into URL group please suggest.

Muhammad Amin Zia · ‎07-16-2018

is there any solution brother?

Marvin Rhoads · ‎07-16-2018

As Rahul noted, the GUI is one URL at a time.

If you want to do a bulk add then you would need to use the API and build a script to load them in all at once.

Muhammad Amin Zia · ‎07-17-2018

Thank you Marvin. Can you help me to open API explorer at firepower. I am new at it. I have tried several links on google for this but no luck can you explain this in detail?

Rahul Govindan · ‎07-17-2018

https://blogs.cisco.com/security/how-to-get-started-on-programming-firepower-using-fmc-apis

API explorer URL:

https://<fmc_url>/api/api-explorer/