cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

408
Views
0
Helpful
4
Replies
slv_slv
Beginner

How to block url for HTTPS traffic without SSL decpryptions on FTD 6.2.3?

Hi All

 

I'm using FTD on ASA 5506x v6.2.3.16-59 (managed by Firepower Device Management) with latest updates.

I have rule with app filter HTTPS and url category which should be blocked Dating (just for testing)

Screenshot_66.jpg

as you can expect this rule is not working correclty - thats why I'm asking you for help here

Screenshot_67.jpg

 

Traffic hit correct sec rule, so app detection is working fine, also url categoryzation seems to be fine.

Why this traffic is allowed?  Whats wrong here ?

 

I wouldn't do a SSL decrypt becase my device is too small, but based on SSL cert SNI block urls.

 

Regards

Slawek

1 ACCEPTED SOLUTION

Accepted Solutions
balaji.bandi
VIP Expert

you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.

 

here is a guide :

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/1332-how-to-purchase-and-setup-web-filter-licensing-on-the-rv340.html

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

View solution in original post

4 REPLIES 4
balaji.bandi
VIP Expert

you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.

 

here is a guide :

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/1332-how-to-purchase-and-setup-web-filter-licensing-on-the-rv340.html

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

View solution in original post

Karsten Iwen
VIP Mentor

For me, it looks like it worked as expected and the session was blocked.

@karsten 

Where do you see action block on provided screenshots? This webpage is fully loaded on my laptop.

Marvin Rhoads
VIP Community Legend

The top of your screenshot says "Connection Event ---- Block".

Did you clear your browser cache or try opening the site in a private/incognito browser session?

Content for Community-Ad