cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

324
Views
0
Helpful
2
Replies
Highlighted
Beginner

SI URL whitelisting not working

Hi, I have enabled DPI inspection on my FTD units. When I whitelist a URL by domain or URL, via the connection events in the fmc, I am still getting blocked for the URL category. Per the event log, it is getting de-crypt and the behavior is same with other sites that use the same ACP. I even see the url listed in the Global-Whitelist-for-URL feed when I login to the FTD appliance. Any suggestions what else to look for? Running 6.4.0.4.

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: SI URL whitelisting not working

I opened a case with TAC. The issue was a misunderstanding how SI works. Apparently the SI URL whitelist only whitelists the security intelligence but doesn't allow a fast path before the ACP. You cannot whitelist a URL via the SI feed, it still checks the ACP.

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: SI URL whitelisting not working

Security Intelligence happens before ACP and decryption so something is not right here. Do you see these events in Analysis > Security Intelligence Events ?

Thank you for rating helpful posts!

Highlighted
Beginner

Re: SI URL whitelisting not working

I opened a case with TAC. The issue was a misunderstanding how SI works. Apparently the SI URL whitelist only whitelists the security intelligence but doesn't allow a fast path before the ACP. You cannot whitelist a URL via the SI feed, it still checks the ACP.

View solution in original post