Solved: Thanks Philip. I am able to

mabouchard · ‎02-24-2017

So I am having issues getting URL filtering to work. I have an ASA 5506-x and manage with ASDM. I have a default inspection rule that is an allow rule. When I added URL filtering to this rule it did not work. I then started thinking that the URL rule needed to be a separate rule that was a deny rule. I have tried putting it before the allow rule and after it. Can anyone tell me if the URL rule should be a deny rule and if it matters what order these rules are in? Sorry I am new to Firepower.

Philip D'Ath · ‎02-24-2017

If you want to block users it should be a deny rule, and should be before the allow rule.

View solution in original post

Philip D'Ath · ‎02-24-2017

If you want to block users it should be a deny rule, and should be before the allow rule.

mabouchard · ‎02-25-2017

It appears that I am not able to select Intrusion or File Policy unless the rule is an allow rule. It seems like the "Allow" means allow it to firepower but that the Intrusion and File Policy will take affect if included in the allow rule?

Thanks

Philip D'Ath · ‎02-25-2017

The file policy should specify to block malware.

mabouchard · ‎02-25-2017

Thanks Philip. I am able to show some Malware being blocked but other say disposition unknown. This is when I am running through the Fortinet Tests. I am not sure what their site does but supposedly tests multiple levels of compressed and zipped files. The only test that runs successfully is the text file. I am not sure that I can truest it. The Eicar test file gets blocked. I think it is working but I just wanted a better way to verify. Thanks for your help.

URL Filtering and Rule Order Question