04-03-2017 07:10 AM - edited 03-12-2019 02:10 AM
Hi,
Within FMC, if you set up an access control rule, you define the action to be allow or deny etc. Then you define the matching criteria, like network and/or services. But one question regarding the URL portion: if the action is set to Allow for the rule, then which categories of URL are to be selected, the permitted categories or the blocked ones?
Say I want to allow LAN end-user web traffic outbound, but I want to block access to URL categories: Porn and Illegible... So can I do this in one rule, or do I have to do two rules: one just to block those URL categories and a second rule to allow web traffic?
04-03-2017 08:31 AM
Make a rule with action "block" and the URL categories you wish to block. Follow it with an allow for other traffic. Just like in an ASA, the rules are evaluated from the top down and first match ends the ACP (Access Control Policy) rule processing.
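The ordering described in the answer above, as an added example that is not part of the original posts: a simplified Python model of top-down, first-match evaluation, not FMC code or its API. Rule names and category labels are constructed, and the model goes slightly beyond the answer by also listing rules that can never be hit because an earlier rule already matches everything they cover.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str                                  # constructed rule name
    action: str                                # "block" or "allow"
    categories: Optional[frozenset] = None     # None = no URL condition, matches everything

    def matches(self, category):
        return self.categories is None or category in self.categories

def evaluate(policy, category, default_action="block"):
    """Top-down, first match wins: return (action, name of the deciding rule)."""
    for rule in policy:
        if rule.matches(category):
            return rule.action, rule.name
    return default_action, "default action"

def shadowed_rules(policy):
    """Rules that can never be hit because earlier rules already match all they cover."""
    shadowed, covered, catch_all_seen = [], set(), False
    for rule in policy:
        if catch_all_seen or (rule.categories is not None and rule.categories <= covered):
            shadowed.append(rule.name)
        if rule.categories is None:
            catch_all_seen = True
        else:
            covered |= rule.categories
    return shadowed

# Constructed category labels, not the product's category list.
BLOCK_RULE = Rule("Block unwanted URL categories", "block", frozenset({"Adult", "Illegal"}))
ALLOW_RULE = Rule("Allow LAN web traffic", "allow")

CORRECT_ORDER = [BLOCK_RULE, ALLOW_RULE]
REVERSED_ORDER = [ALLOW_RULE, BLOCK_RULE]

if __name__ == "__main__":
    for label, policy in (("block first", CORRECT_ORDER), ("allow first", REVERSED_ORDER)):
        for category in ("Adult", "News"):
            print(label, category, evaluate(policy, category))
        print(label, "shadowed:", shadowed_rules(policy))
```

With the allow rule placed first, the block rule is reported as shadowed and the blocked categories are allowed.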
04-03-2017 09:31 AM
Thanks, that's what I thought...
Compared to other vendors, like PAN and Fortinet, their setup uses a security profile (such as a web filter profile) to control the content blocking even when the access control which has the profile associated is set to allow.
The ASA/SFR way is not much more labor effort but just different I guess...