03-09-2019 01:14 AM - edited 02-21-2020 08:55 AM
Hi everyone, first of all I'm very new to Cisco firewalls, so I may have made big mistakes in my configuration. I'm trying to configure a Firepower ASA 5506-X to use URL Filtering for blocking access to some websites.
Everything went well; I followed the explanation on the Cisco website:
- I updated my ASA and ASDM
- I created a service policy rule (match any) to redirect the traffic to the Firepower
- I created a new rule
- Saved everything and deployed
But nothing happens. I can still access everything I tried to block. I also noticed in ASA Firepower Reporting that nothing moves, as if I didn't redirect the traffic. A little help would be appreciated, thanks.
03-09-2019 09:17 PM
In your Rules.JPG attachment it shows the box for "Enable ASA Firepower for this traffic flow" as unchecked. It needs to be checked.
03-10-2019 07:29 AM - edited 03-10-2019 07:29 AM
Hi, Marvin is correct. You'll need to redirect traffic to the FP module for inspection. See helpful link:
http://wannabecybersecurity.blogspot.com/2019/01/cisco-asa-firepower-traffic-redirection.html
I would also suggest adding a topmost rule (rule #1) to allow DNS. See helpful link:
http://wannabecybersecurity.blogspot.com/2019/02/configuring-cisco-firepower-access.html
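The traffic redirection described in the two replies above, shown as the equivalent ASA CLI (an added example, not part of any post in this thread). The names SFR_REDIRECT and SFR_CLASS are assumptions; global_policy is the ASA's default global policy map.

```text
! Added example: redirect all IP traffic to the ASA FirePOWER (SFR) module.
! SFR_REDIRECT and SFR_CLASS are illustrative names, not taken from the thread.

! 1. Select the traffic to inspect ("match any" in the original post).
access-list SFR_REDIRECT extended permit ip any any

! 2. Bind the selection to a class map.
class-map SFR_CLASS
 match access-list SFR_REDIRECT

! 3. Send that class to the module. This is the CLI counterpart of the
!    "Enable ASA Firepower for this traffic flow" checkbox in ASDM.
!    fail-open  = traffic passes uninspected if the module is down
!    fail-close = traffic is dropped if the module is down
policy-map global_policy
 class SFR_CLASS
  sfr fail-open

! 4. Apply the policy globally (already present on a default configuration).
service-policy global_policy global

! Verification, run from privileged EXEC mode:
!   show module sfr            -> module status should be "Up"
!   show service-policy sfr    -> packet counters should increase
!                                 while clients browse
```

If the `show service-policy sfr` counters stay at zero while clients browse, traffic is not reaching the module, which matches the empty ASA Firepower Reporting described in the original post.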
03-11-2019 01:03 AM
03-11-2019 02:37 AM - edited 03-11-2019 03:34 AM
Hi again, I discovered an odd thing. In the monitoring of the ASA Firepower, it shows the connection to Youtube.com as blocked, as I wanted, but in fact I can still navigate. After some testing I noticed that it seems to work on Edge but not in Chrome.
EDIT: The problem is solved. Just wanted to share it in case somebody needs it. The configuration was fine, but I was only testing with Chrome and YouTube as the URL. There is a known issue I found in the Cisco Bug Search Tool, and there is a workaround for Chrome and YouTube by disabling QUIC.
Thanks everybody.