Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

324
Views
0
Helpful
2
Replies
Highlighted
ryan14
Beginner
Beginner
‎01-06-2020 05:50 AM
‎01-06-2020 05:50 AM

SI URL whitelisting not working

Hi, I have enabled DPI inspection on my FTD units. When I whitelist a URL by domain or URL, via the connection events in the fmc, I am still getting blocked for the URL category. Per the event log, it is getting de-crypt and the behavior is same with other sites that use the same ACP. I even see the url listed in the Global-Whitelist-for-URL feed when I login to the FTD appliance. Any suggestions what else to look for? Running 6.4.0.4.

Everyone's tags (3)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
ryan14
Beginner
Beginner
‎01-08-2020 04:39 AM
‎01-08-2020 04:39 AM

Re: SI URL whitelisting not working

I opened a case with TAC. The issue was a misunderstanding how SI works. Apparently the SI URL whitelist only whitelists the security intelligence but doesn't allow a fast path before the ACP. You cannot whitelist a URL via the SI feed, it still checks the ACP.

View solution in original post

0 Helpful
Reply
2 REPLIES 2
Highlighted
nspasov
Cisco Employee
Cisco Employee
‎01-08-2020 12:10 AM
‎01-08-2020 12:10 AM

Re: SI URL whitelisting not working

Security Intelligence happens before ACP and decryption so something is not right here. Do you see these events in Analysis > Security Intelligence Events ?

Thank you for rating helpful posts!

0 Helpful
Reply
Highlighted
ryan14
Beginner
Beginner
‎01-08-2020 04:39 AM
‎01-08-2020 04:39 AM

Re: SI URL whitelisting not working

I opened a case with TAC. The issue was a misunderstanding how SI works. Apparently the SI URL whitelist only whitelists the security intelligence but doesn't allow a fast path before the ACP. You cannot whitelist a URL via the SI feed, it still checks the ACP.

View solution in original post

0 Helpful
Reply
Latest Contents
DGTL-BRKSEC-1011 - A Challenger Appears: Defending Mailboxes...
Created by chclasen on 05-20-2020 09:43 AM
0
0
0
0
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense. Join Techn... view more
ASA Image won't stay
Created by Senbonzakura on 05-19-2020 12:19 PM
3
0
3
0
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,... view more
#CiscoChat Live - SMBs and CyberSecurity: Busting Traditiona...
Created by Kelli Glass on 05-18-2020 02:05 PM
0
0
0
0
Join us live on Tuesday, May 19th at 10 am PT (and on demand after) as we officially bust the myths around SMBs and cybersecurity. Join our experts for a live Cisco Chat - we'll share some fascinating survey results, and outline key factors for a suc... view more
#CiscoChat Live - SMBs and CyberSecurity: Busting Traditiona...
Created by Kelli Glass on 05-18-2020 02:00 PM
3
0
3
0
Join us live on Tuesday, May 19th at 10 am PT (and on demand after) as we officially bust the myths around SMBs and cybersecurity. Join our experts for a live Cisco Chat - we'll share some fascinating survey results, and outline key factors for a success... view more
PRTG vs. ASA
Created by Marvin Rhoads on 05-11-2020 10:15 AM
0
20
0
20
Symptoms Recently I upgraded an ASA 5525-X HA pair to the latest recommended code (9.12(3)12). Our previous release was 9.8(4)17. This was a routine upgrade to address a recent set of vulnerabilities announced by Cisco. A review of the release notes (bot... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Software Conformance Survey


Follow our Social Media Channels