Issues with URL Filtering in FMC

LuigiDiFronzo9542 · ‎11-25-2020

Hello,

We have an ASA 5545 (9.6) with firepower services and FMC ver 6.4.0.9.

When checking the connection events, I noticed that the 'URL' and 'URL Category' fields appear in some cases, but in other cases they appear empty.

This produces erratic behavior because when the traffic passes through the access control policies, it does'nt match the superior rules and falls into the default rule.

Any suggestions?

Thanks.

Shuhaib Thottathil · ‎11-25-2020

Hi Luigi,

If you have already identified a flow which is not hitting the correct rule lets make use of the tools available with in the FTD to identify the reason behind it.

login to the FTD and then run "system support trace" from the clish mode (>). Provide the details of the flow which we are planning to troubleshoot. Please choose Yes when it asks if you need firewall engine-debug or not.

please share the output with me, lets do the analysis and see where it is going wrong.

Thanks

Shuhaib

LuigiDiFronzo9542 · ‎11-26-2020

Hi Shuhaib,

We are not using FTD, we have a SFR device (6.4.0.9) in the ASA 5545.

As you can see in the file I attached here with an extract of the connection events, there are some lines of traffic which we can see the "URL" but the "URL Category" appear in blank. In other cases we can see both the "URL" and "URL Category info". So the traffic which has the "URL Category" in blank will go to the default rule.

Thanks.

Luigi.