
FTD URL filtering is not working

Scryden2
Level 1

I manage an ISA 3000 firewall running FTD 7.4.2.3-4 using the FDM. This is for a small site with just this one firewall. There is no FMC and we do not want FMC. The device will be managed through FDM. We have all the NGFW licenses for the FTD (IPS/IDS, Malware, URL). When configuring access policies to block website categories, the URL filtering is not working at all. After trying to open any of the risky websites, say cryptocurrency or pornography websites, the websites still open just fine. When checking the hit counter of the rules, I see that the block rule never gets hit, even though it is listed before the general allow rule. See attached screenshot of my configuration. What am I doing wrong here?

PS: Do not worry about rule #2. We are testing a few things and this blanket allow rule only applies to traffic from inside VLANs to other inside VLANs, not towards the internet.

5 Replies

Marvin Rhoads
Hall of Fame

Does the firewall have a DNS configuration so that it knows how to resolve and categorize URLs by their DNS entry?

Hi Marvin,

Yes. Please see attached screenshots. It is also able to communicate with SMARTnet and retrieve VDB and intrusion updates just fine.

Ok, that all appears correct.

If you enter a test URL in the filtering section, does it get categorized as expected?

Hi Marvin,

Please disregard. I found my own mistake. I recently changed the gateway for the management interface and I punched in the wrong IP address. After updating it to the correct one the URL filtering now seems to be working.

One thing I do want to clarify though is the following:
When a URL is part of 2 separate URL categories, and I have only 1 blocked but not the other, the website is permitted. For example, I am blocking the category 'cryptocurrency' but not 'online trading'. One of the crypto websites I am testing with is in both the category 'cryptocurrency' and 'online trading', according to Cisco Talos. I can open the website just fine. This company needs to have access to trading platforms but wants to exclude crypto platforms. Is this expected behavior of the firewall and is the only way around it to manually block the URLs in question?

https://community.cisco.com/t5/network-security/difference-between-security-intelligence-and-url-filtering-on/td-p/3682603

There are two: URL filter and SI URL. You can use both to achieve what you want.

MHM
