FireSIGHT URL Not Blocking on First View

TOM FRANCHINA
Level 1

This is a new installation of an ASA5545 with FireSIGHT licensed for URL filtering.

We wrote a rule for "block" not "block with reset" for URLs containing "Adult and Pornography" and applied it. It did work but only after the second view of the page. After the second view it did block the URL and the "Access Denied" screen was displayed.  

Was this a user configuration issue or a FireSIGHT issue?

Thanks,

Tom

2 Replies

Marvin Rhoads
Hall of Fame

Was there already an established TCP connection from the client you're testing from? If so, that would be used and not trigger the URL filter.

Test by first doing "clear conn" on the ASA and then hit the page with a fresh first view.

Rodrigo Belo
Level 1

Hi Tom,

Not sure if this is related (I'm new with FireSIGHT myself) but...

"Before you can perform user control using a group criterion, the system must detect activity from at least one user in that group. This initial connection is not handled by the access control rule it matches, but instead by the next rule it matches, or the access control policy default action."

 

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-User.html