Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1312
Views
0
Helpful
8
Replies

Restricted access not working from fmc and ftd firewall

ShareefKooliyodan0444
Level 1
Level 1

‎08-19-2023 11:41 PM

Dears, 

I  have issue with rules ,

i created 2 rules from fmc ,Rule1 deny all internet access for specific network or vlan for example server vlan 172 Network 192.168.172.0 and 172 192.168.173.0 . 

and rule2 allow access network or vlan for example server vlan 172 Network 192.168.172.0 and 172 192.168.173.0 only for falcon.crowdstrike.com  and windowsupdates.com . 

I created rules like above ,rule1 deny is working blocking internet access for all servers but rule2 not working servers cant able to access falcon.crowdstrike.com  and windowsupdates.com. 

 

Could you Guyz please help me resolve the above issues. 

 

Thank you 

0 Helpful
8 Replies 8

Marius Gunnerud
VIP
VIP

‎08-20-2023 01:53 AM

I had a little trouble following what your issue is.  To my understanding it is the following:

  • Rule 1 deny rule works.
  • Rule 2 access from VLAN 172 to crowdstrike and windowsupdate does not work.

Do you have NAT configured for the traffic? Run a packet-tracer to see if traffic is actually allowed through the firewall, if it is not this should give you a reason for the drop.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

ShareefKooliyodan0444
Level 1
Level 1

‎08-20-2023 02:15 AM

Yes, nat policy is there, also has internet access for rest of VLan.  i need to configure restricted access for above networks. 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to ShareefKooliyodan0444

‎08-20-2023 02:31 AM

How have you confiugred the access rules then?  using FQDN object or URL filtering?  If using FQDN is the FTD able to resolve the URLS?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

ShareefKooliyodan0444
Level 1
Level 1

‎08-20-2023 02:39 AM

Please check attached , allowed from access policy as you said, but still not work . 

Preview file
42 KB
Preview file
66 KB
0 Helpful

Marius Gunnerud
VIP
VIP

‎08-20-2023 02:45 AM

So you are using both Network object and URL.  As long as there are no redirections happening do other URLs, I would suggest removing the URL configuration and just use the Network object.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

ShareefKooliyodan0444
Level 1
Level 1

‎08-20-2023 02:54 AM

I removed URL , but the same cant access  sites . if unblock from block rule it is working but  getting full internet access 

0 Helpful

Marius Gunnerud
VIP
VIP

‎08-20-2023 04:58 AM

Could you post the block rule configuration please

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

ShareefKooliyodan0444
Level 1
Level 1

‎08-21-2023 12:21 AM

Okay , please check attached ,its block rule.

 

Preview file
90 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card