02-20-2017 01:06 AM - edited 03-12-2019 06:17 AM
Hi Team,
I would like to ask about a possible copy of the URLs or sites that are under the social networking category in Firepower/FireSIGHT.
02-20-2017 07:06 AM
Brightcloud is the source Cisco uses for the URL categories.
You can lookup a given site using http://www.brightcloud.com/tools/url-ip-lookup.php.
You cannot download a copy of all the sites they include for a given category.
02-21-2017 11:37 PM
Hi Marvin,
Do you know how often they update this list? Yesterday I totally went crazy with one of my customers; I was not able to block the most famous adult and proxy sites. Is this a bug?
02-21-2017 11:40 PM
It's updated continually - i.e. multiple times throughout the day.
Did you check the connection records for the traffic that was not being blocked and see the Category that FirePOWER assigned the traffic?
02-21-2017 11:42 PM
Yes, I see that this site falls under Uncategorized, but when I check it on the site it shows that it is already under the adult category.
02-21-2017 11:45 PM
Are any sites showing up categorized correctly? If your FMC DNS lookups aren't working that would cause all site lookups to fail (= Uncategorized)
02-22-2017 12:12 AM
After running verification commands, I see that I can successfully connect to the Brightcloud database and resolve it.
admin@firepower2:~$ sudo nslookup service.brightcloud.com
Server: 192.168.10.250
Address: 192.168.10.250#53
Non-authoritative answer:
Name: service.brightcloud.com
Address: 52.210.56.12
Name: service.brightcloud.com
Address: 52.18.164.250
Server: 192.168.10.250
Address: 192.168.10.250#53
Non-authoritative answer:
Name: database.brightcloud.com
Address: 52.51.55.250
Name: database.brightcloud.com
Address: 54.171.36.173
Name: database.brightcloud.com
Address: 52.50.161.77
admin@firepower2:~$ telnet service.brightcloud.com 80
Trying 52.18.164.250...
Connected to service.brightcloud.com.
Escape character is '^]'.
02-22-2017 12:45 AM
That appears to be OK.
Can you share a screen shot of your Access Control Policy rules that you're using for URL Monitoring or Blocking?
If you cannot, it might be easiest to just open a TAC case.
02-22-2017 01:49 AM
02-22-2017 02:08 AM
That looks straightforward.
Assuming it's deployed to your devices, I would expect that policy to block the defined categories as long as your source user was not a member of the Managers or IT Dept. groups.
I have used similar policies on FirePOWER 5.3 through 6.2 and they worked fine.
You might want to open a TAC case so they can work with you interactively.
02-22-2017 02:11 AM
I am sure that the source was true, but it doesn't match. Unfortunately, I cannot open TAC because the customer still wants to test and compare it with Checkpoint and PaloAlto, so what would you recommend to do?
02-22-2017 06:35 AM
Is there any list of what is under each category in FireSIGHT?
02-22-2017 08:10 AM
You can list the categories.
You cannot list the URLs that are within each category.