Firepower Threat Defense 6.2 - Website not loading properly on 4110/FGT

c_quijano · ‎03-07-2017

Hi everyone!

I'm currently deploying a Firepower 4110 on a client, currently migrating from their old device (FGT).

One of the firewall rules for a particular department entails whitelisting of URL's being applied. On the previous firewall, they were able to login to the site, and search data, although it loads a long time (takes 5-30 seconds to produce a result but never drops out).

Testing it on 4110/FGT 6.2, The site was able to load, login but when searching, it's a hit or miss, either it will take around 2 minutes to load the search results or none at all. Only URL filtering is on that particular rule, the rest is automatically dropped.

Source Zone: Internal Network 1, Destination Zone: ISP1, From Test VLAN to Any, URL List active, Action: Accept

When I remove the URL whitelisting rule but added Website Categories to be blocked on a higher rule, same issue.

When I remove the URL rule and defaults to any and no web filtering applied, that particular site is working properly.

I checked the site for possible blocking and added to whitelist but same issue applies.

Appreciate if any suggestions that you can give.

Thanks.

Oliver Kaiser · ‎03-11-2017

Sounds like some elements on the website are blocked that should not be blocked. Have you verified all other URLs that might be accessed when one is on that website. Try to whitelist them and try again.

If that is not working and you dont see any blocks you might want to create a TAC case.