FTD does not block sites based on URL rule

apasat
Level 1

Hello everyone,

I got an issue with FTD filtering based on URL rules (predefined categories).

I have some rules that block sites with adult content, gambling, video games and other categories:

[screenshot: access control rules]

Some of the sites are blocked and I get ERR_CONNECTION_RESET, so it's working fine, but a lot of websites are still accessible, even though Connection Events says they are blocked based on the ACP:

[screenshot: connection events]

I made a rule for the website in the screenshot based on its URL, but it is still working. After this, I banned its IP addresses, and it stopped working (that rule worked fine).

Can someone explain to me why FTD does not block websites, but sends logs saying that it is blocking them?

9 Replies

balaji.bandi
Hall of Fame

If you are looking to block, select Block rather than Block with reset.

More information on Block and Block with reset (and the other options) is explained here:

https://rayka-co.com/lesson/ftd-access-control-policy/

BB

I've tried both ways, but the sites are still available, although in Connection Events I see that they have been blocked based on the rule (for example Gambling).

Could it be that the sites you tested were cached on the endpoint you tested from? If you try to ping one of those URLs, do you get any responses?

I've accessed these pages from many workstations and also cleared the cache. And yes, I get ICMP responses, and telnet on 80/443 is OK too. So FTD does not block the traffic.

Add a DNS server IP to the FTD; make sure the FTD can resolve the IP.

There are already DNS servers. The problem is that some of the sites are blocked and some are not, although in Connection Events I can see that FTD kind of restricted access (it didn't).

Some sites blocked, some not.

Check whether the allowed site is bypassed by a prefilter ACL or whether it already has a connection.

If it has a connection, try clearing the connection and check again.

I've just accessed 1xbet.com (a gambling site); it works fine, but Connection Events say that it's blocked (and one line says that it's uncategorized and allowed).

[screenshot: connection events for 1xbet.com]

obrien2010
Level 1

Dumb question... Did you deploy?