02-23-2015 03:20 PM - edited 03-12-2019 05:37 AM
I'm seeing some strange behavior with our new ASA 5545-X with the Sourefire URL filtering.
I'm intermittently able to get to known bad sites that should be blocked. For example, we are testing the porn URL filtering and our device is configured to NOT allow any Nudity. For some time, I'm able to browse playboy.com or some of the other known bad sites. Then, without any configuration changes, the sites get blocked. It also seems that after an undetermined amount of time, the sites are allowed, at least for the first attempt then they are blocked again - sending users to the block page.
Also, a few sites (well known Adult sites) are allowed when, clearly, they should be blocked.
Is anyone seeing anything like this?
Solved! Go to Solution.
01-14-2016 05:57 AM
Thanks Burkhard!
I've been searching for this url for almost two hours yesterday and didn't find it in any Firepower docs nor my searching the Cisco website or the net.
01-14-2016 07:23 AM
It seems that this doesn't check the Firepower URL category database as that's not selectable and the URL I've tried to check is in no category for all four available databases.
01-14-2016 07:38 AM
What does it show in Senderbase.org? or what is the URL?
01-14-2016 07:53 AM
It shows neutral. The URL is https://wgmail.bleier.at which is categorized as Adult/Pornography.
01-14-2016 08:15 AM
I submitted the URL for you. It takes up to 24 hours to be verified.
02-02-2017 11:29 AM
I would love to add the website to certain category classification, unfortunately, I don't have an appropriate account to make those changes.
The website which I wish to change is used as Filter avoidance tool however it isn't marked as such: www.expressvpn.com
Could you please help me out regarding this pressing matter.
Thanks in advance,
02-02-2017 11:33 AM
That URL is indeed categorized as Filter Avoidance.
http://www.senderbase.org/lookup/?search_string=www.expressvpn.com
02-14-2017 01:19 AM
Remember , Firepower is not using Senderbase as source for URL filtering.
Source is webroot. I assume this will be moved to senderbase but no ETA on that.
http://www.brightcloud.com/tools/url-ip-lookup.php
www.expressvpn.com is classified on webroot/brightcloud as :
Computer and Internet Security
Business and Economy
You can request a URL category change there.
01-14-2016 07:37 AM
Then you'll have to block Google. Sourcefire does not have a Safe Search function yet.
03-02-2015 01:53 PM
Remember that this is an IPS appliance that has had multiple add-on's like URL filtering, NAT, VPN, etc. If you want tried and true URL filtering you should look at the WSA.
03-02-2015 03:27 PM
I understand your point but if the product doesn't work they shouldn't sell it or at least label it as "Beta". It is touted as a top tier URL filtering solution.
I spoke with TAC today. They are aware of the issue and will be getting back to me with a workaround until an official patch is released.
03-03-2015 05:36 AM
I opened a ticket yesterday and had a tech call me back and resolve this issue. There is a bug that is fixed in v5.3.1.2 and v5.4. After the tech applied the fix the issue was resolved.
02-28-2015 01:06 PM
Same here running same code.
04-06-2015 06:32 PM
I am having this same issue but we are running v5.4.1 build 59.
My customer has a rule configured to block "Adult and Pornography" as well as "Music" sites. After successfully reaching www.vainaporno.com and www.suenamp3.com, the Connection Events show no URL category set for any of these sites.
Is there a way to block uncategorized sites? He prefers to create a new rule allowing permitted sites 'on-demand' after the Connection Event has been reviewed.
04-06-2015 06:52 PM
Also, according to the Brightcloud URL / IP Lookup tool, the site www.vainaporno.com is actually categorized as "Adult and Pornography". But the Connection Events on the Defense Center don't show any URL category set.
http://www.brightcloud.com/tools/url-ip-lookup.php
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide