Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1534
Views
0
Helpful
4
Replies

How to block url for HTTPS traffic without SSL decpryptions on FTD 6.2.3?

Go to solution
slv_slv
Level 1
Level 1

‎04-05-2021 06:05 AM

Hi All

 

I'm using FTD on ASA 5506x v6.2.3.16-59 (managed by Firepower Device Management) with latest updates.

I have rule with app filter HTTPS and url category which should be blocked Dating (just for testing)

Screenshot_66.jpg

as you can expect this rule is not working correclty - thats why I'm asking you for help here

Screenshot_67.jpg

 

Traffic hit correct sec rule, so app detection is working fine, also url categoryzation seems to be fine.

Why this traffic is allowed?  Whats wrong here ?

 

I wouldn't do a SSL decrypt becase my device is too small, but based on SSL cert SNI block urls.

 

Regards

Slawek

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-05-2021 06:11 AM

you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.

 

here is a guide :

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/1332-how-to-purchase-and-setup-web-filter-licensing-on-the-rv340.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-05-2021 06:11 AM

you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.

 

here is a guide :

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/1332-how-to-purchase-and-setup-web-filter-licensing-on-the-rv340.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎04-05-2021 06:37 AM

For me, it looks like it worked as expected and the session was blocked.

0 Helpful

Go to solution
slv_slv
Level 1
Level 1
In response to Karsten Iwen

‎04-05-2021 07:00 AM

@karsten 

Where do you see action block on provided screenshots? This webpage is fully loaded on my laptop.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to slv_slv

‎04-05-2021 07:06 AM

The top of your screenshot says "Connection Event ---- Block".

Did you clear your browser cache or try opening the site in a private/incognito browser session?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card