11-07-2019 05:52 AM - edited 02-21-2020 09:40 AM
I added a few URL's to the Global-Blacklist-for-URL in FMC.
Now I get too many connection events with reason "URL Block"
Is there a setting turning off this type of event?
Solved! Go to Solution.
11-07-2019 07:39 AM
Depending on the rest of your Access Control Policy entries, you may be able to put in an initial rule that's designed just to block the traffic based on URL filtering (as opposed to picking it up on the Security Intelligence (SI) blacklist) and not enable logging for that rule.
As long as you are catching it via SI I think it's going to generate connection events. You can of course filter those events from your display; but they will still be logged.
11-07-2019 07:39 AM
Depending on the rest of your Access Control Policy entries, you may be able to put in an initial rule that's designed just to block the traffic based on URL filtering (as opposed to picking it up on the Security Intelligence (SI) blacklist) and not enable logging for that rule.
As long as you are catching it via SI I think it's going to generate connection events. You can of course filter those events from your display; but they will still be logged.
11-07-2019 01:08 PM - edited 11-07-2019 01:10 PM
11-11-2019 01:44 AM
So in this case we should remove URL From SI and add that URL in URLFilter right ?
11-11-2019 02:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide