02-24-2017 04:38 PM - edited 03-12-2019 06:18 AM
So I am having issues getting URL filtering to work. I have an ASA 5506-x and manage with ASDM. I have a default inspection rule that is an allow rule. When I added URL filtering to this rule it did not work. I then started thinking that the URL rule needed to be a separate rule that was a deny rule. I have tried putting it before the allow rule and after it. Can anyone tell me if the URL rule should be a deny rule and if it matters what order these rules are in? Sorry I am new to Firepower.
Solved! Go to Solution.
02-24-2017 05:43 PM
If you want to block users it should be a deny rule, and should be before the allow rule.
02-24-2017 05:43 PM
If you want to block users it should be a deny rule, and should be before the allow rule.
02-25-2017 11:16 AM
It appears that I am not able to select Intrusion or File Policy unless the rule is an allow rule. It seems like the "Allow" means allow it to firepower but that the Intrusion and File Policy will take affect if included in the allow rule?
Thanks
02-25-2017 11:22 AM
The file policy should specify to block malware.
02-25-2017 11:54 AM
Thanks Philip. I am able to show some Malware being blocked but other say disposition unknown. This is when I am running through the Fortinet Tests. I am not sure what their site does but supposedly tests multiple levels of compressed and zipped files. The only test that runs successfully is the text file. I am not sure that I can truest it. The Eicar test file gets blocked. I think it is working but I just wanted a better way to verify. Thanks for your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide