11-08-2022 04:34 AM
Hi all,
I have an access rule configured as below which does not seem to work.
source network object -> any
Ports any -> 443
URL -> microsoft.com
When running packet tracer, the traffic to microsoft.com is allowed, however, traffic to another website which is not in the URL filtering is also allowed. I see that both packet traces hit the configured rule, but I feel that as soon as the traffic matches the port 443 it is allowed. It is like the URL filter is being ignored.
Do I need some kind of SSL / Decryption policy to enable the URL filtering to work? Or could this be DNS related?
Thanks
Nick
11-08-2022 04:57 AM
Most of the rules work top down, so check which rule it is hitting?
Some guided video to understand the process.
11-08-2022 05:16 AM
Hi Balaji,
Thank you for the link. I have my ACL set up exactly as in the video. The packet tracer states that the traffic does hit the correct rule. However, the rule is allowing traffic to URLs not stated in the rule.
Thanks
Nick
11-08-2022 10:17 AM
can you post the packet tracer output?
11-09-2022 04:24 AM
Hi,
I have attached packet traces and screenshots of the ACL.
Let me know if you spot anything. To me it looks like the traffic is being allowed by the "Zones" section of the ACL and not actually getting to the URL section, but I may be wrong.
Thanks
Nick
11-09-2022 04:40 AM
Are you only testing with packet-tracer or are you testing with actually trying to access a different website?
Because URL filtering is done in SNORT, until SNORT has made a verdict on what should happen with the traffic, the traffic is allowed through the firewall (usually the first 3 packets). So a packet tracer is not a good indication of whether the rule set is working as intended, as packet-tracer only sends one packet and does not take into consideration the action that SNORT takes on the packet.
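The behaviour described in this answer, as an added toy model (not part of the thread and not Cisco's implementation): the zone/port part of the rule is matched per packet, the URL part needs Snort to see the hostname, and a few packets are forwarded while that verdict is pending. The three-packet budget follows the answer above; the default action, the zone names, the hostname example.org, and using the TLS ClientHello SNI as the hostname for an HTTPS URL match are assumptions of this example.

```python
"""Simplified model of an FTD access-control rule that carries a URL condition.
Added example: the LINA/Snort split is simplified, the pending-verdict packet
budget is taken from the answer in the thread, and the SNI-as-hostname rule,
the default action and the zone names are assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PENDING_PACKET_BUDGET = 3  # packets forwarded before Snort has a verdict (from the thread)
DEFAULT_ACTION = "block"   # access-policy default action (assumed)


@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst_port: int
    url_suffixes: List[str]  # empty list means the rule has no URL condition
    action: str              # "allow" or "block"


@dataclass
class Packet:
    src_zone: str
    dst_zone: str
    dst_port: int
    sni: Optional[str] = None  # hostname, present only on the ClientHello packet


@dataclass
class Flow:
    packets_seen: int = 0
    hostname: Optional[str] = None  # learned once Snort sees the ClientHello
    verdict: Optional[str] = None   # final verdict once Snort has decided


def l3l4_match(rule: Rule, pkt: Packet) -> bool:
    return (rule.src_zone == pkt.src_zone and rule.dst_zone == pkt.dst_zone
            and rule.dst_port == pkt.dst_port)


def url_match(rule: Rule, hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in rule.url_suffixes)


def first_l3l4_rule(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """Top-down search on zones/ports only; this is all a single packet can match."""
    return next((r for r in rules if l3l4_match(r, pkt)), None)


def packet_tracer(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """One synthetic packet with no payload: reports the rule hit and the fast-path
    result. A URL condition cannot be evaluated yet, so the packet is allowed
    while the verdict is pending, whatever the destination host is."""
    rule = first_l3l4_rule(rules, pkt)
    if rule is None:
        return ("default", DEFAULT_ACTION)
    return (rule.name, "allow" if rule.url_suffixes else rule.action)


def process_packet(rules: List[Rule], flow: Flow, pkt: Packet) -> str:
    """Per-packet decision for a real session."""
    flow.packets_seen += 1
    if flow.verdict is not None:
        return flow.verdict
    if pkt.sni is not None:
        flow.hostname = pkt.sni
    if flow.hostname is not None:
        # Snort can decide now: a rule whose URL condition fails does not match,
        # so evaluation falls through to later rules or the default action.
        for r in rules:
            if l3l4_match(r, pkt) and (not r.url_suffixes or url_match(r, flow.hostname)):
                flow.verdict = r.action
                break
        else:
            flow.verdict = DEFAULT_ACTION
        return flow.verdict
    rule = first_l3l4_rule(rules, pkt)
    if rule is None or not rule.url_suffixes:
        flow.verdict = DEFAULT_ACTION if rule is None else rule.action
        return flow.verdict
    # Verdict pending: forward a few packets so the handshake can reach the ClientHello.
    return "allow" if flow.packets_seen <= PENDING_PACKET_BUDGET else "block"


def https_session(rules: List[Rule], hostname: str) -> List[str]:
    """Constructed client-side packets of a TLS session: SYN, ACK, ClientHello, data."""
    base = dict(src_zone="inside", dst_zone="outside", dst_port=443)
    pkts = [Packet(**base), Packet(**base), Packet(**base, sni=hostname), Packet(**base)]
    flow = Flow()
    return [process_packet(rules, flow, p) for p in pkts]


# The rule from the question: any source, port 443, URL microsoft.com (zones assumed).
RULES = [Rule("Allow-Microsoft", "inside", "outside", 443, ["microsoft.com"], "allow")]

if __name__ == "__main__":
    probe = Packet("inside", "outside", 443)
    print("packet-tracer:", packet_tracer(RULES, probe))
    print("microsoft.com:", https_session(RULES, "www.microsoft.com"))
    print("example.org:  ", https_session(RULES, "example.org"))
```

Running it shows the symptom from the question and its explanation side by side: the single-packet trace reports the same rule and "allow" for any 443 destination, while a full session to a host outside the URL condition is forwarded for the first packets and blocked once the ClientHello reveals the hostname. Testing from a real client, as the answer recommends, exercises that second path.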
11-09-2022 05:05 AM
Perfect, exactly the info I was looking for. We will get the client to test with actual web access. I was only using the packet tracer on the FTD.