Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
10
Helpful
4
Replies

FMC tags valid URLs into Spam, Exploits or Malicious Sites

Go to solution
kish02
Level 1
Level 1

‎09-14-2022 10:32 PM

Hi,

Outbound traffic to the internet on our network are being blocked. FMC tags valid URLs into Spam or Malicious Sites or Exploits.

Im using FMC 7.0.1 (build 84) and FTD Version 7.0.1. Any idea? Thanks.

Sample logs

fmc logs.jpg

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jose-Net
Level 1
Level 1

‎09-16-2022 03:44 AM

Seems a problem with Snortv3 as per bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa85492

Ive reverted to Snortv2 and seems to have fixed the problem.

View solution in original post

4 Replies 4

Go to solution
marce1000
VIP
VIP

‎09-15-2022 03:36 AM

 

 - Check the URL filtering  policies : https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/url_filtering.html

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
brewnet84
Level 1
Level 1

‎09-15-2022 07:50 PM

brewnet84_0-1663296407487.png

I am seeing the same thing running FTD 7.0.4 (build 55) and FMC of same version. I did a pending deployment and despite no changes actual deployed the categories flipped back and traffic started passing. I had been running these versions without issue for almost a week. The exact time I experienced this is 9/14 2pm - 7pm CST.

After

brewnet84_1-1663296608627.png

 

0 Helpful

Go to solution
Jose-Net
Level 1
Level 1

‎09-16-2022 03:44 AM

Seems a problem with Snortv3 as per bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa85492

Ive reverted to Snortv2 and seems to have fixed the problem.

Go to solution
Herald Sison
Level 3
Level 3
In response to Jose-Net

‎12-15-2022 03:35 AM

Hi Sir, In my situation i can revert to Snort 2 but i will also face the same problem with High Memory Utilization-Snort, that is the main reason why i upgraded to Snort 3. I have reached to TAC already and they suggested to upgrade to FMC and FTD 7.0.5. 

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/bugs.html

Have you tried or experienced the 7.0.5? or anyone here experienced it? need some feedback on this version.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card