Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1423
Views
0
Helpful
3
Replies

FMC 4500 with ASA 5545X and Using Websense

Go to solution
TW80CJ5
Level 3
Level 3

‎01-24-2020 06:34 AM - edited ‎02-21-2020 09:51 AM

We currently use a Cisco FMC 4500 6.5.02 at our Region and have ASA 5545X 9.13(1) at our branch offices.

 

In the ASA, under URL Filtering Servers there are Websense and Secure Computing SmartFilter radio buttons. Ideally, we would like to have the FMC at the Region be our URL Filtering Server that the ASA points to. Is this possible...???

 

If so, where / how do we configure in the FMC?


Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to TW80CJ5

‎01-24-2020 01:51 PM

Your FMC can manage the Firepower service module (or, as you called it "sfr"). That module will apply URL policies if licensed and configured by the policy deployed from FMC. If the ASA is redirecting its traffic into the module it will thus apply to the traffic.

FMC, working with the module, will not do anything to affect the configuration in the ASA code portion of the appliance. It only interacts with the Firepower service module and that module doesn't change the ASA code either - it only sends a message to the ASA to drop traffic when it hits a relevant Firepower policy rule.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-24-2020 08:59 AM

FMC only manages ASAs with respect to their Firepower service modules. So if you have a Firepower service module and the URL filtering license for it, you can configure your URL Filtering as part of the Access Control Policy associated with the Firepower service module(s).

0 Helpful

Go to solution
TW80CJ5
Level 3
Level 3
In response to Marvin Rhoads

‎01-24-2020 11:42 AM

Marvin,


Thanks for the info....So, is there no way to manage the ASA's with the FMC and use the FMC to push out the URL filtering to its ASA's via the SFR...??

 

Any information would be greatly appreciated...

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to TW80CJ5

‎01-24-2020 01:51 PM

Your FMC can manage the Firepower service module (or, as you called it "sfr"). That module will apply URL policies if licensed and configured by the policy deployed from FMC. If the ASA is redirecting its traffic into the module it will thus apply to the traffic.

FMC, working with the module, will not do anything to affect the configuration in the ASA code portion of the appliance. It only interacts with the Firepower service module and that module doesn't change the ASA code either - it only sends a message to the ASA to drop traffic when it hits a relevant Firepower policy rule.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card