12-11-2018 07:54 AM - edited 02-21-2020 08:33 AM
Hi All,
I have been running into an issue with setting up rules in FTD specifically involving URL Filtering. If I create a rule set like below:
Seq | Source int | Dest int | Source Add | Destination Add | Port | URL Categories | Action
1   | any        | any      | any        | any             | any  | Gambling,etc   | Block
2   | out        | inside   | any        | x.x.x.x         | 443  | any            | Allow
3   | inside     | outside  | any        | any             | any  | any            | Allow
Default Action - Block
It appears Rule 1 for URL creates a permit ip any any and sends traffic to the Snort engine for URL filtering; if it is not a blocked category or URL, the traffic is passed without further inspection. Basically what I am seeing is that everything is wide open inbound, and the only rule to increment its hit counter is rule #1. I have run into this issue twice on two different FTDs. I am confused about why this is, or whether I am just not understanding something. Does anyone have a setup like this?
I am checking which rule is being hit via packet trace when SSH'd into the FTD.
Chris
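The following is an added example, not code from the thread or from Cisco: a small Python model of top-down, first-match evaluation of the rule set in the post. It assumes (as the post observes) that a rule with "any" in every L3/L4 field matches every flow and that a URL-category rule only blocks when the flow's category is listed, otherwise passing it. Zone names, the address 10.0.0.5 standing in for x.x.x.x, and the sample flows are constructed; "out" and "outside" are taken to be the same zone. The shadow check shows why rules 2 and 3 never increment their hit counters, and a constructed variant with rule 1 scoped to inside-to-outside shows the inbound flow falling through to the default block instead.

```python
"""Constructed model of first-match access-control rule evaluation (not FTD's own code)."""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    seq: int
    src_zone: str
    dst_zone: str
    src_addr: str
    dst_addr: str
    port: str
    url_categories: frozenset  # empty set means "any" category
    action: str

    def l3l4(self):
        return (self.src_zone, self.dst_zone, self.src_addr, self.dst_addr, self.port)


def l3l4_matches(rule, pkt):
    """True when every L3/L4 field of the rule is 'any' or equals the flow's value."""
    return all(rv == ANY or rv == pv for rv, pv in zip(rule.l3l4(), pkt["l3l4"]))


def decide(rules, pkt, default_action="Block"):
    """Top-down, first match on L3/L4 fields; returns (action, matching rule seq or None)."""
    for rule in rules:
        if not l3l4_matches(rule, pkt):
            continue
        if rule.url_categories:
            # Assumption from the post: a URL rule hands the flow to inspection and
            # blocks only when its category is listed; otherwise the flow passes.
            blocked = pkt["url_category"] in rule.url_categories
            return ("Block" if blocked else "Allow"), rule.seq
        return rule.action, rule.seq
    return default_action, None


def covers(broad, narrow):
    """True when every L3/L4 field of `broad` is 'any' or equal to `narrow`'s field."""
    return all(b == ANY or b == n for b, n in zip(broad.l3l4(), narrow.l3l4()))


def shadowed_rules(rules):
    """(shadowed seq, shadowing seq) for rules fully covered by an earlier rule's L3/L4 scope."""
    result = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                result.append((rule.seq, earlier.seq))
                break
    return result


# Rule set from the post (constructed values: 10.0.0.5 stands in for x.x.x.x).
POST_RULES = (
    Rule(1, ANY, ANY, ANY, ANY, ANY, frozenset({"Gambling"}), "Block"),
    Rule(2, "outside", "inside", ANY, "10.0.0.5", "443", frozenset(), "Allow"),
    Rule(3, "inside", "outside", ANY, ANY, ANY, frozenset(), "Allow"),
)

# Constructed variant: rule 1 scoped to inside-to-outside (an illustration, not the thread's solution).
SCOPED_RULES = (
    Rule(1, "inside", "outside", ANY, ANY, ANY, frozenset({"Gambling"}), "Block"),
) + POST_RULES[1:]


def packet(src_zone, dst_zone, src, dst, port, url_category=None):
    return {"l3l4": (src_zone, dst_zone, src, dst, port), "url_category": url_category}


# Constructed sample flows.
INBOUND_SSH = packet("outside", "inside", "198.51.100.7", "10.0.0.5", "22")
OUTBOUND_GAMBLING = packet("inside", "outside", "10.0.0.20", "203.0.113.9", "443", "Gambling")
OUTBOUND_NEWS = packet("inside", "outside", "10.0.0.20", "203.0.113.9", "443", "News")

if __name__ == "__main__":
    print("post rules, inbound ssh:", decide(POST_RULES, INBOUND_SSH))
    print("post rules, shadowed:", shadowed_rules(POST_RULES))
    print("scoped rules, inbound ssh:", decide(SCOPED_RULES, INBOUND_SSH))
    print("scoped rules, gambling:", decide(SCOPED_RULES, OUTBOUND_GAMBLING))
    print("scoped rules, shadowed:", shadowed_rules(SCOPED_RULES))
```

Under the post's rule set the inbound SSH flow is matched by rule 1 and allowed, and both later rules are reported as shadowed, which is exactly the "only rule 1 increments" symptom. With rule 1 scoped to the zones it is meant to filter, the same inbound flow matches nothing and hits the default block, while rule 3 is still shadowed because rule 1 already passes every non-blocked inside-to-outside flow.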