04-05-2021 06:05 AM
Hi All
I'm using FTD on ASA 5506x v6.2.3.16-59 (managed by Firepower Device Management) with latest updates.
I have rule with app filter HTTPS and url category which should be blocked Dating (just for testing)
as you can expect this rule is not working correclty - thats why I'm asking you for help here
Traffic hit correct sec rule, so app detection is working fine, also url categoryzation seems to be fine.
Why this traffic is allowed? Whats wrong here ?
I wouldn't do a SSL decrypt becase my device is too small, but based on SSL cert SNI block urls.
Regards
Slawek
Solved! Go to Solution.
04-05-2021 06:11 AM
you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.
here is a guide :
04-05-2021 06:11 AM
you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.
here is a guide :
04-05-2021 06:37 AM
For me, it looks like it worked as expected and the session was blocked.
04-05-2021 07:00 AM
Where do you see action block on provided screenshots? This webpage is fully loaded on my laptop.
04-05-2021 07:06 AM
The top of your screenshot says "Connection Event ---- Block".
Did you clear your browser cache or try opening the site in a private/incognito browser session?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide