FTD is running in ASA and Firepower mode at the same time. There's no separate way of operation.
You can add URL-based rules. Or you can add applications (like SSH), or you can add ports.
I have done it, man, all of them! It still doesn't work :( Unfortunately I don't have a license for opening TAC. What do you recommend me to do?
> Actually I don't use FTD, I am using version 6.2 Firepower and my sensor is 5525
Are you using 6.2 as an SFR module in ASA? Do you have connection events on the FMC?
I don't really understand your setup. Also, if you don't run FTD (which has a 90-day trial of URL licensing) and you don't have a URL license, what you are trying to achieve will not work.
Have an endpoint that you can troubleshoot from (used to try to access one of the destinations in those categories). It is recommended that the endpoint not generate too much other traffic.
Open an SSH connection to the FTD's management IP. From the CLI, run:
system support firewall-engine-debug
Provide the filtering info, like this:
Please specify an IP protocol: tcp
Please specify a client IP address: your_endpoint_IP_address
Please specify a client port:
Please specify a server IP address:
Please specify a server port:
Now, while it runs, access one of the websites. Stop the debug with CTRL+C. Grab the output and add it in here.
You're doing it wrong. The URL categories should be configured on the URLs tab of the ACP rule, not on the Applications.
Please check the documentation for further information:
Hi Philip,
Although Firepower has this ability (at least they insist), they cannot block the majority of porn sites. I am totally fed up with these small issues, which made me crazy; all of them fall into the uncategorized category, which actually they should not. I know that Checkpoint or PaloAlto have URL report webpages where you can request to change a specific site's category.