10-23-2020 12:42 AM
Good Day
I have recently setup a new FMC 6.6 with FTD environment for a customer.
Mostly all feeds seems to be working(Threat Intel/IPS/Updates) but for the life of me I cant seem to get the URL Categories in the system.
The first thing I noticed is the FMC does not use the proxy configuration to query the URL Categories, so we allowed FMC IP to query it directly and it seemed to update the feed now.
As for the policy it is essentially an any any permit for URL Category at this stage.
In the Connection Events View the application for example shows Facebook but the URL Category remains unknown.
It has to be noted that the actual connection destination is a Proxy Server that is not encrypted to the FTD can see the URL so I do not think that should be an issue.
Has anyone seen this behavior before or am I missing something on the policy side?
10-23-2020 03:44 AM
Did you enable the URL filtering on FMC? the URL category and reputation data are downloaded from Cisco cloud. If you did not enable URL filtering on FMC, FMC would not be able to talk to Cisco cloud, hence, won't be able to categorize the URLs.
On FMC go to System > Integration > Cloud Services and enable automatic updates and Query Cisco Cloud for Unknown URLs.
10-23-2020 05:30 AM - edited 10-23-2020 05:30 AM
URL Filtering is enabled yes and confirmed on the GUI that it is updating, Query Cisco Cloud for Unknown URLs are disabled as the customer does not wish to submit their internal DNS entries which they deem Sensitive.
From my understanding if the Category Download Runs it should show the categories for well known sites at least?
10-23-2020 06:16 AM
I think until you enable Query Cisco Cloud option, the FMC would not be able to categorize the URLs. The FMC would not be able to know the "well-known" URLs till it lookup for them, so, first time the FMC sees the URL, it would not have any clue about its reputation/category, this is why you see its reputation/category as unknown. The FMC then tries to lookup for that URL via contacting Cisco cloud, and just after that is successful, the FMC would be able to categorize it.
10-23-2020 04:36 AM
In addition to what @Aref Alsouqi mentioned, you didn't mention if you have the URL Filtering license and have associated with the managed device.
10-25-2020 02:43 AM
Please check https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs71034
If this matches you should rename the virtual account.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide