
Integrate Cisco Firepower Management Center and ASA5516-X

Hi There,

I have a Cisco 5516-X with FP module and FPMC installed on a VM (6.0.1). I have added licenses and enabled them for the device. I have also added service policy rules on the ASA 5516, enabling FirePOWER inspection. But I am still not able to do URL filtering or any malware filtering. I have tried many methods to do this, still no luck. Can someone help me configure this from the beginning, or is there any clear guide which explains the initial installation of the FirePOWER integration?

thank you in advance

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Marvin Rhoads
Hall of Fame

Have you deployed the Access Control Policy (ACP) with URL and File inspection rules?

Please share a screen shot of Device Management and ACP pages.

Hi Marvin,

Please find attached images for those captures. I guess I am making some small mistake, but I cannot find it.. :(

I can see application traffic on the dashboard, but when I click on that application it does not show any record details.

Thanks in advance

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Hi Kasun,

The screenshots look correct. Can you please also share the output of "show service-policy sfr" from the ASA CLI and a screenshot of all access control policy rules, unless the one you shared is on top.

Thanks

Yogesh

Hi Yogesh,

Please find attached details below. Thanks for looking into this.

thank you

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Kasun,

I notice your "blockeicar" has an application rule included. Only traffic matching that condition AND the URL condition will have the selected Block with Reset action applied.

Hi Marvin,

I have tested that also, please check the attached. I don't know what the issue is in that. Is there any way to troubleshoot from the firewall side?

thank you

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

You cannot trace the logic in FirePOWER 6.0.1 that you are using, either on the firewall or from FirePOWER Management Center.

Your FirePOWER Management Center Connection Record will show what URL Category a given connection was classified into.

In FMC 6.1, Cisco added the capability to do a lookup of the category directly from the Web UI. (You could always just put the URL into brightcloud.com service that Cisco uses in the backend.)

In FMC 6.2 we now have the capability to do a packet-tracer function from the Health Monitoring Advanced Troubleshooting tools section of FMC.

Hi Marvin,

Thanks a lot for the update. If I remove the ASA FirePOWER management from the FirePOWER center, will it cause any downtime? Or can I just remove the management center and install a new center? Also, can I transfer my FP license to the new center?

thank you

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Changing from one management center to another will not cause any downtime on the managed devices. When you redeploy policies (either from an existing or new FMC) there can be a brief interruption of packet processing.

Rehosting or transferring licenses requires TAC assistance (Global Licensing Operations queue) for Classic licenses such as are used by your 5516-X FirePOWER Service module managed by FMC.

(The newer Smart licenses used by FTD can be rehosted via self-service.)

Hi Marvin,

I will plan to upgrade then. After that I hope to do the configurations again. Hope that will work fine.

Is there anything I need to check from the firewall?

thank you

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Hi All,

I have added FPMC policies to the interface. I did not create any zones. Can that be an issue? Because the ASA doesn't have zones created.

thank you all

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Jetsy Mathew
Cisco Employee

Hello Kasun,

For URL filtering, you can refer to the following video tutorial.

https://www.youtube.com/watch?v=nXIBDQqekPY

Regards

Jetsy 

I still don't have an answer for this matter. When URL filtering, I can filter manual URLs but not categories. Also, I can't see any logging records for blocked traffic. This is really weird.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

For logging - have you set the rules in your Access Control Policy to create log entries? They won't by default.
