Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1859
Views
3
Helpful
10
Replies

URL Categories are empty in FMC connections events

LuigiDiFronzo9542
Level 1
Level 1

‎09-05-2024 08:01 AM

We have an FMC ver 7.2 and recently was activate the passive authentication through the ISE. This is for begin to use the url and content filtering with the users.

When we take a look at the collumn in the connection events we can see the URL information, but the URL category is empty.

We have activate the options 'Enable Automatic Updates' and ' Query Cisco Cloud for Unknown URLs' in the URL Filtering section and the licenses are applied to the FTD.

Any suggestion about why don't appear the URL Categories?

Thanks.

10 Replies 10

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-05-2024 09:40 AM

You can add a monitor rule at the top of your ACP and include all URL categories. That will show you the data in advance of having any rule that enforces based on categories.

 

MarvinRhoads_0-1725554326922.png

 

MarvinRhoads_1-1725554414148.png

 

LuigiDiFronzo9542
Level 1
Level 1
In response to Marvin Rhoads

‎09-05-2024 10:20 AM

Thanks Marvin,

I tried to add all the URL categories but got the following message: 'The maximun numbre of URL objects that can be added is 50'.

I put 'any' in URLs but seem not work yet.

Did I miss something?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LuigiDiFronzo9542

‎09-06-2024 01:44 AM

Try multiple monitor rules each with 50 URL categories. I used a later version (7.6 pre-release) so they must have fixed this bug.

0 Helpful

LuigiDiFronzo9542
Level 1
Level 1
In response to Marvin Rhoads

‎09-06-2024 01:05 PM

Thanks Marvin,

I tried adding only 2 categories and when I check the connection events, not only those two categories that I added but also the others appear. This is an interesting situation.

Another thing, when I added the monitor rule and save the change inmediatly appear the warning I put in the image.

 

Preview file
46 KB
0 Helpful

LuigiDiFronzo9542
Level 1
Level 1
In response to LuigiDiFronzo9542

‎09-18-2024 02:11 PM

Hi,

After having placed only a couple of URL categories and performing monitoring, it is observed that the categorization of events is working normally. I still wonder how it's working.

However, I've noticed another detail, and that is that when performing a packet tracer, the Monitor rule that comes first always appears in the access list section, but it does not indicate the next rule in which it matches.

Do you have any idea how to solve this?

Thanks.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LuigiDiFronzo9542

‎02-26-2025 09:17 AM

@LuigiDiFronzo9542 you should be able to use system support firewall-engine-debug to get a more complete view of which rule matches.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214577-firepower-data-path-troubleshooting-phas.html

0 Helpful

CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎02-25-2025 06:43 AM

I noticed some traffic displays URL and category and some do not. Happen to know why?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎02-26-2025 09:15 AM

Not all URLs are categorized. There are 10s of millions in existence with thousands more created every day.

CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎02-26-2025 09:27 AM

Yea I was thinking that, but then I see similar sites are so wasn't sure. Sometimes the URL is not even displayed either.

0 Helpful

MHM Cisco World
VIP
VIP

‎09-06-2024 05:19 AM

Can I see screenshot of your url category

To know what issue exactly 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card