URL filtering - not blocking

Dave Phillips
Level 1

I have URL filtering set up on FireSight and my ASA 5525-X.  I have noticed that it does not block unwanted pages.

It shows up in Defense Center events as "interactive block with reset", but the page is actually never blocked.  

It appears to be trying to block the page?  When I visit a "blocked" site, the site takes a long time to load.  The cursor just spins and you think it is going to time out, then after 15 seconds the page loads.

 

I am running version 5.4.1.1 on my DC and 5.4.0.3 on my ASA module.

I have configured a monitoring rule before the block rule as was suggested in the forums.

6 Replies

Ed Padilla Jr
Level 1

You have to create a rule under the Access Control Policy, and apply the access control policy.

I do have a rule. In the access control policy I have a rule set to "interactively block with reset" for several categories (gambling, porn) as well as a custom object. I also have a rule right above this one to "monitor" for the same categories.

It seems like Firesight is trying to block the page as it logs the action correctly, but I never see the block page and like I mentioned it eventually loads.

Because you have chosen the interactive block, it allows the client to 'click through' or simply refresh their webpage and essentially ignore the blocking action. What is likely happening for you is that the browser is automatically refreshing and rebuilding the connection. If you look at your connection events you should see a block for the first connection attempt followed by an allow on the refresh.

Now, as to the reason you aren't seeing the interactive block message, there are a few possibilities.

Note that in the following situations, the response page does not appear and traffic is blocked without interaction, even if the session matches an Interactive Block rule:

if the session was or is encrypted; this includes sessions decrypted by the system

after a connection has been established and allowed to flow for a few packets so the system can inspect it for requested URLs and application details

I have seen some funky behavior with the response pages as well on the ASA w/ Firepower, so if anyone has some more insight there I'd love to see it.
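The block-then-allow pattern described in the reply above, as an added example that is not part of this thread and not a Cisco tool: a small Python script that scans connection events for an Interactive Block followed shortly by an Allow from the same client to the same server (the refresh/click-through signature), and separately lists Interactive Block hits on encrypted (https) sessions, where the documentation excerpt says no response page can be shown. The event lines, their column order, the IP addresses and the 30-second pairing window are all constructed assumptions for the example, not a real Defense Center export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample connection events for this example. This is NOT a real
# FireSIGHT/Defense Center export; the column layout is an assumption:
#   timestamp, action, initiator IP, responder IP, URL, URL category
SAMPLE_EVENTS = """\
2015-06-01T10:00:00,Interactive Block with reset,10.1.1.20,203.0.113.10,http://casino.example/,Gambling
2015-06-01T10:00:16,Allow,10.1.1.20,203.0.113.10,http://casino.example/,Gambling
2015-06-01T10:02:00,Interactive Block with reset,10.1.1.21,203.0.113.20,https://adult.example/,Adult and Pornography
2015-06-01T10:05:00,Block with reset,10.1.1.22,203.0.113.30,http://casino.example/,Gambling
2015-06-01T10:30:00,Allow,10.1.1.22,203.0.113.30,http://casino.example/,Gambling
"""


def parse_events(text):
    """Parse the constructed CSV format above into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, url, category = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "action": action,
            "src": src,
            "dst": dst,
            "url": url,
            "category": category,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def find_click_throughs(events, window=timedelta(seconds=30)):
    """Pair each Interactive Block with a later Allow from the same client to
    the same server inside `window`. That block-then-allow sequence is what a
    browser auto-refresh (or a user click-through) looks like in the
    connection events, so it explains a page that "eventually loads".
    The 30 s window is an assumption; the original poster saw about 15 s."""
    pending = defaultdict(list)   # (src, dst) -> interactive blocks not yet matched
    pairs = []
    for e in events:
        key = (e["src"], e["dst"])
        if e["action"].startswith("Interactive Block"):
            pending[key].append(e)
        elif e["action"] == "Allow" and pending[key]:
            block = pending[key][-1]
            if e["ts"] - block["ts"] <= window:
                pairs.append((block, e))
                pending[key].pop()
    return pairs


def blocks_without_response_page(events):
    """Interactive Block events for which the response page cannot be shown.
    Per the documentation excerpt in the thread, an encrypted session is
    blocked without interaction, so an https:// URL matched by an Interactive
    Block rule is logged as such but the client only ever sees the reset."""
    return [
        e for e in events
        if e["action"].startswith("Interactive Block")
        and urlsplit(e["url"]).scheme == "https"
    ]


def summarize(text):
    """Convenience wrapper returning both findings for a block of event text."""
    events = parse_events(text)
    return {
        "click_throughs": find_click_throughs(events),
        "no_response_page": blocks_without_response_page(events),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_EVENTS)
    for block, allow in result["click_throughs"]:
        gap = (allow["ts"] - block["ts"]).total_seconds()
        print(f"{block['src']} -> {block['url']}: blocked, then allowed {gap:.0f}s later")
    for e in result["no_response_page"]:
        print(f"{e['src']} -> {e['url']}: encrypted session, response page cannot be displayed")
```

In the constructed data the third client (10.1.1.22) hits a plain "Block with reset" and is allowed only 25 minutes later, so it is deliberately not paired: only an interactive block followed closely by an allow is evidence of the refresh behaviour, and a non-interactive block cannot be clicked through.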

I managed to get the URLs blocked by changing the action to "block".  I still do not get a block page, the blocked URL just doesn't load.

I like the Firesight product so far, but I think the URL filtering has room for A LOT of improvement. I was hoping to replace my current expensive, bloated web filtering product, but I won't be able to with the current state of the software right now.

Fairly familiar with the product, but if you create a customized block page, would that work?

I'm having real issues with these modules. Even with a simple policy they don't seem to be reliable.

 

I've installed/migrated/upgraded the appliances and have no such issues, but every SFR module I've put in is becoming a nightmare.

 

I've found that the only time an interactive block page is presented is when a static URL is specified; if it involves a cloud lookup then it just doesn't load the page at all, as if the reset is sent without the "interactive" part. Another issue our customer is experiencing is that when a category is set to block and reset, the initial page loads, but when navigating further it then provides the block. As you can imagine, some webpages show some explicit content on the home page, and this is unacceptable in my opinion.

 

I'm also seeing lots of issues with ASDM-managed modules, in that lots of GUI glitches happen when looking at the configuration or monitoring pages, but only on the Firepower sections.

 

This is causing lots of frustration and needs sorting out.
