Solved: How to block url for HTTPS traffic without SSL decpryptions on FTD 6.2.3?

slv_slv · ‎04-05-2021

Hi All

I'm using FTD on ASA 5506x v6.2.3.16-59 (managed by Firepower Device Management) with latest updates.

I have rule with app filter HTTPS and url category which should be blocked Dating (just for testing)

as you can expect this rule is not working correclty - thats why I'm asking you for help here

Traffic hit correct sec rule, so app detection is working fine, also url categoryzation seems to be fine.

Why this traffic is allowed? Whats wrong here ?

I wouldn't do a SSL decrypt becase my device is too small, but based on SSL cert SNI block urls.

Regards

Slawek

balaji.bandi · ‎04-05-2021

you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.

here is a guide :

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi · ‎04-05-2021

you need to bring up the rule above the 2nd rule, as per the screenshot, your 2nd rule has any any HTTPS allowed.

here is a guide :

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Karsten Iwen · ‎04-05-2021

For me, it looks like it worked as expected and the session was blocked.

slv_slv · ‎04-05-2021

Where do you see action block on provided screenshots? This webpage is fully loaded on my laptop.

Marvin Rhoads · ‎04-05-2021

The top of your screenshot says "Connection Event ---- Block".

Did you clear your browser cache or try opening the site in a private/incognito browser session?