06-20-2020 08:47 PM
Hi all,
I am getting a URL Category and Reputation failure on FTD. There is no URL filtering license available on the device, and the URL monitor is also disabled in the health policy.
What could be the reason for this?
As per my understanding, FTD will not communicate directly with BrightCloud for the DB update; instead, FMC will push the DB update to FTD. Just correct me if I am wrong.
Also, can somebody tell me which port is used for downloading the URL database from FMC to FTD?
Thanks in advance.
Regards
Shine Sudheesh
06-20-2020 09:11 PM - edited 06-20-2020 11:09 PM
Did you used to have a URL Filtering license and deploy an access control policy that uses that feature in a rule? That would cause the error you are seeing.
Yes the URL updates come via the FMC manager. The ASAs cache a certain amount of URLs locally (how many varies based on model of ASA). Those updates (and all others) come via the sftunnel communications with FMC. That uses tcp/8305.
06-20-2020 09:34 PM
06-20-2020 10:55 PM
06-20-2020 11:07 PM - edited 06-20-2020 11:09 PM
A rule using an unlicensed feature should have a yellow exclamation point in a triangle displayed in the ACP listing in FMC. Also, whenever you deploy that policy the deployment page will give you a warning about it.
You can also just glance at the URL column of the ACP and see if anything other than "Any" is in it. Even with 2000 rules, that's only 20 pages to glance at quickly. Or you could run "show access-control-config" from the sensor CLI and search the output for "URL". Any rule with either a URL category or specific URL(s) will have that string embedded.
06-20-2020 11:28 PM
06-20-2020 11:36 PM
06-21-2020 03:04 AM