11-25-2020 07:04 AM
Hello,
We have an ASA 5545 (9.6) with firepower services and FMC ver 6.4.0.9.
When checking the connection events, I noticed that the 'URL' and 'URL Category' fields appear in some cases, but in other cases they appear empty.
This produces erratic behavior because when the traffic passes through the access control policies, it doesn't match the superior rules and falls into the default rule.
Any suggestions?
Thanks.
11-25-2020 11:17 PM
Hi Luigi,
If you have already identified a flow which is not hitting the correct rule, let's make use of the tools available within the FTD to identify the reason behind it.
Log in to the FTD and then run "system support trace" from the clish mode (>). Provide the details of the flow which we are planning to troubleshoot. Please choose Yes when it asks if you need firewall engine-debug or not.
Please share the output with me; let's do the analysis and see where it is going wrong.
Thanks
Shuhaib
11-26-2020 04:27 AM
Hi Shuhaib,
We are not using FTD; we have an SFR device (6.4.0.9) in the ASA 5545.
As you can see in the file I attached here with an extract of the connection events, there are some lines of traffic in which we can see the "URL" but the "URL Category" appears blank. In other cases we can see both the "URL" and "URL Category" info. So the traffic which has the "URL Category" blank will go to the default rule.
Thanks.
Luigi.