Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1793
Views
5
Helpful
2
Replies

SI URL whitelisting not working

Go to solution
ryan14
Level 1
Level 1

‎01-06-2020 05:50 AM - edited ‎02-21-2020 09:48 AM

Hi, I have enabled DPI inspection on my FTD units. When I whitelist a URL by domain or URL, via the connection events in the fmc, I am still getting blocked for the URL category. Per the event log, it is getting de-crypt and the behavior is same with other sites that use the same ACP. I even see the url listed in the Global-Whitelist-for-URL feed when I login to the FTD appliance. Any suggestions what else to look for? Running 6.4.0.4.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ryan14
Level 1
Level 1
In response to nspasov

‎01-08-2020 04:39 AM

I opened a case with TAC. The issue was a misunderstanding how SI works. Apparently the SI URL whitelist only whitelists the security intelligence but doesn't allow a fast path before the ACP. You cannot whitelist a URL via the SI feed, it still checks the ACP.

View solution in original post

2 Replies 2

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎01-08-2020 12:10 AM

Security Intelligence happens before ACP and decryption so something is not right here. Do you see these events in Analysis > Security Intelligence Events ?

Thank you for rating helpful posts!

0 Helpful

Go to solution
ryan14
Level 1
Level 1
In response to nspasov

‎01-08-2020 04:39 AM

I opened a case with TAC. The issue was a misunderstanding how SI works. Apparently the SI URL whitelist only whitelists the security intelligence but doesn't allow a fast path before the ACP. You cannot whitelist a URL via the SI feed, it still checks the ACP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card