Skype and WhatsApp are not working through Firepower
12-13-2017 05:35 AM - edited 02-21-2020 06:57 AM
Hi,
I have a rule configured to allow traffic to some applications like Viber, Skype, WhatsApp.
Viber is working fine, Skype is not, and WhatsApp is also not working...
I have added all the available applications that appear when searching the filter list for Skype and WhatsApp.
Can anyone help?
Thanks
Labels: IPS and IDS
12-13-2017 09:48 AM
I think you need to show us how you are configuring the rules and also what platform/software you are running.
br, Micke
12-13-2017 09:56 AM - edited 12-13-2017 09:58 AM
Hi,
This is the rule: AD user permitted for applications in the list (Skype, WhatsApp, etc.).
I'm using Firepower over ASA5512-X; the version is 6.2.
12-13-2017 10:10 AM
br, Micke
12-13-2017 09:54 PM - edited 12-13-2017 09:57 PM
The action is block; please check attached.
12-15-2017 03:36 AM
If you look in the table view of connection events, can you see what rule the application is blocked on?
Can you do a packet-trace from and post that here?
Is the Skype Tunneling included in the rule?
br, Micke
12-16-2017 04:07 AM - edited 12-17-2017 01:56 AM
Hi,
I have added the Skype tunneling, but it is still the same, and the thing is I noticed the initiator user shows as unknown in the connection events, while I'm trying to filter based on username...
After checking, I found my AD user agent domain is not matching the realm config for the AD primary domain.
I have changed both to match now, but the user is still not showing, while it's showing in the user activity list...
Checking some websites, it seems to be a bug in Firepower; I'm using v6.2.0.2.
Any idea how to solve this issue?
12-22-2017 04:19 AM
So if you have a rule that is defined as allow, with source network, application and user, you need to get a match on all three of the parameters for the rule to work.
Sounds like you have some kind of issue with the AD user agent; I guess you need to try to figure out what the problem is with that.
If the configuration looks correct and it's still not working, I would suggest contacting Cisco TAC.
Here are some links; some of the information might be old:
https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118131-technote-sourcefire-00.html
https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118674-technote-useragent-00.html
https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118159-troubleshoot-firesite-00.html
br, Micke
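
A simplified model of the all-conditions matching described in the last reply, added here as an illustration; it is not Firepower's engine or code from anyone in the thread. The rule name, subnet, user names and the default action of block are assumptions, and the events are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    networks: tuple = ()            # source CIDRs; empty means "any"
    apps: frozenset = frozenset()   # application names; empty means "any"
    users: frozenset = frozenset()  # user identities; empty means "any"

    def failed_conditions(self, ev):
        """Return the conditions this event fails; an empty list means the rule matches."""
        failed = []
        src = ip_address(ev["src"])
        if self.networks and not any(src in ip_network(n) for n in self.networks):
            failed.append("network")
        if self.apps and ev["app"] not in self.apps:
            failed.append("application")
        if self.users and ev["user"] not in self.users:
            failed.append("user")
        return failed

def evaluate(rules, ev, default_action="block"):
    """First rule whose conditions all match wins; otherwise the default action applies."""
    misses = {}
    for rule in rules:
        failed = rule.failed_conditions(ev)
        if not failed:
            return rule.action, rule.name, misses
        misses[rule.name] = failed
    return default_action, "default", misses

# Constructed sample data: rule name, subnet and user are hypothetical.
RULES = [Rule("allow-im", "allow", ("10.1.0.0/16",),
              frozenset({"Skype", "WhatsApp", "Viber"}), frozenset({"CORP\\alice"}))]
EVENTS = [
    {"src": "10.1.4.20", "app": "Skype", "user": "CORP\\alice"},
    {"src": "10.1.4.20", "app": "Skype", "user": "Unknown"},    # identity not mapped
    {"src": "10.1.4.20", "app": "WhatsApp", "user": "Unknown"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        action, matched, misses = evaluate(RULES, ev)
        print(f'{ev["app"]:9} user={ev["user"]:11} -> {action} ({matched}) unmet={misses}')
```

The second and third events match on network and application but fall through to the default action because the user condition is unmet, which is the pattern to look for when the initiator user is unknown in connection events.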
