09-25-2018 01:44 AM - edited 02-21-2020 08:16 AM
Hello
For one of our customers using ASA 5516-X with FTD 6.2.2 managed by FDM.
I created an Access Control policy to block the custom URL (e.g. youtube.com) from inside to outside and kept it at the top at position #1, with the allow all policy next to it. After deployment, that rule blocked the entire traffic from inside to outside. Then I dragged the block policy below the allow all policy and deployed it again, and then we were able to access the internet.
I faced this problem in version 6.2.3.4-42 when I reimaged the ASA. So I downgraded it to Ver 6.2.2-81 and tried the block policies, and they were working fine. For some reason I removed the policy and created it again; after deployment we are facing this problem.
Attached the ACL snapshot for reference.
09-25-2018 03:23 AM
09-25-2018 05:54 AM
Thank you Mohammed
Yes, the default action is block, but before that there is also one Inside-to-outside allow rule.
Is it not inspecting that rule?
09-25-2018 06:04 AM
That policy looks fine from the screenshot. I don't see why moving the YouTube rule up would block everything.
Did you check the CLI packet-tracer and/or firewall engine debug?
You might open a TAC case to have them look at it interactively with you.