
Firepower URL filtering not working as expected

Have an ASA5512-X with Firepower, with 5.4 installed on the device, and the defence centre is also 5.4.

Everything was working OK up until 2 days ago, when the URL filtering stopped blocking bad sites. In the connection event logs it no longer shows the URL category or reputation for the specific website; it is blank. At the access control rule it shows default action. It is as if the access control policy is not working at all. I have seen a previous question about how this was fixed in 5.4, but here we have it again. Has anyone managed to fix this?


bernhard.hoerl
Level 1

We had the same issue and got the URL filter to work properly with a workaround from TAC.

By adding a monitor rule with the same categories we tried to block, above the block URLs rule, the filter seems to work as it should. By adding this, the website is first categorized and then the blocking rule matches.

I hope this was helpful!

Hi Bernhard! 

What do you mean? 

Is that right?

Hello Akzhol!

Yes, looks good.

But if you are using one of the latest Firepower versions this should not be a problem anymore. Currently I'm using version 6.0.1 and I'm very happy with it.

My Firepower version is 6.0.1.
But it still doesn't work.
URL blocking works for only 10-15 min but then allows traffic to pass.

We have version 6.0.1 with the exact same problem.

Hello Saleff,

Please open a new TAC service request with Cisco TAC so that they can verify and provide you the hotfix if the issue is confirmed.

Rate if this answer helps you.

Regards

Jetsy 

Hi,

In the connection events, is it showing the URL category or showing as uncategorized?

Thanks,

Ankita

When it is working they show up as category, and when it is not blocking what it should it shows up as uncategorized.

Thanks

alberx
Level 1

Try upgrading to 5.4.1.1 Sourcefire and 5.4.0.2 for the sensors, released this past Thursday, 21/05.

I did it yesterday and it resolved some of my problems with sites not being blocked or the HTTP response page not showing.

At the end of last year I had this same problem at a customer... but after updating to version 5.4.0-4 the URL filtering works fine.

Today I got the same problem again, but now I updated to version 5.4.0-5 and afterwards to 5.4.0-7, and it still does not work.

Jetsy Mathew
Cisco Employee

Hello Team,

There are several bugs reported in version 5.4 and 5.4.x with URL filtering. Thus it would be really recommended to upgrade to version 6.0 or higher, since URL filtering is stable in these versions. Based on the error you described, it looks like you are hitting a bug.

Regards

Jetsy 

We have version 6.0.1 and it still has the same problem. It stops filtering at random for about ten minutes and then it works again.

Hello Team,

I have faced a similar issue where the URL filtering rule never works properly in version 6. Sometimes it follows the AC policy rule and blocks or allows accordingly; sometimes it does not. Have you added any security zone to the interface options in Device Management? We have a known bug reported while using ASA SFR with URL filtering that contains the security zone. We have a hotfix available for this issue and the issue can be resolved. To confirm it, you have to open a Cisco TAC request so that the engineer can work on it to verify and provide you the hotfix that is available. The issue is there in 6.0.0 as well as 6.0.0.1. Thus you need to install the hotfix based on the version that you have.

Rate if this answer helps you.

Regards

Jetsy 

Thanks Jetsy for the reply. I will forward this info to the TAC Engineer that is working on this case.
