03-09-2019 01:14 AM - edited 02-21-2020 08:55 AM
Hi everyone, first of all I'm very new at Cisco firewalls so I may have made big mistakes in my configuration. I'm trying to configure a Firepower ASA 5506-X to use URL Filtering for blocking access to some websites.
Everything went well; I followed the explanation on the Cisco website:
- I updated my ASA and ASDM
- I created a service policy rule (match any) to redirect the traffic to the Firepower
- I created a new rule
- Saved everything and deployed
But nothing happens. I can still access everything I tried to block. I also notice in ASA Firepower Reporting that nothing moves, as if I didn't redirect the traffic. A little help would be appreciated, thanks.
03-11-2019 02:37 AM - edited 03-11-2019 03:34 AM
Hi again, I discovered an odd thing. In the monitoring of the ASA Firepower, it shows the connection to Youtube.com as blocked as I wanted, but in fact I can still navigate. After some testing I noticed that it seems to work on Edge but not in Chrome.
EDIT: The problem is solved. Just wanted to share it in case somebody needs it. The configuration was fine but I was only testing with Chrome and Youtube as the URL. There is a known issue I found in the Cisco Bug Search Tool, and there is a workaround for Chrome and Youtube by disabling QUIC.
Thanks everybody.
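A small detection check for the QUIC bypass described in this post, added here as an example and not part of the original thread. The syslog lines are constructed ASA-style 302013/302015 "Built connection" records; the script counts UDP/443 (QUIC) flows per inside host, since those are the browser sessions a URL rule that only ever inspected the TCP side never got to block, so a non-empty result for a client means the QUIC workaround is not in effect there.

```python
import re

# Constructed ASA syslog lines (not taken from the original thread).
SAMPLE_LOGS = [
    "%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.168.1.20/50110 (198.51.100.2/50110)",
    "%ASA-6-302015: Built outbound UDP connection 1002 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.168.1.20/50111 (198.51.100.2/50111)",
    "%ASA-6-302015: Built outbound UDP connection 1003 for outside:203.0.113.11/443 (203.0.113.11/443) to inside:192.168.1.20/50112 (198.51.100.2/50112)",
    "%ASA-6-302015: Built outbound UDP connection 1004 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.21/50113 (198.51.100.2/50113)",
]

# 302013 = TCP built, 302015 = UDP built. Each line names two endpoints; for an
# outbound connection the outside (server) side is listed first, the inside
# (client) side second.
BUILT_RE = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for \w+:(?P<a_ip>[\d.]+)/(?P<a_port>\d+) \([\d.]+/\d+\) "
    r"to \w+:(?P<b_ip>[\d.]+)/(?P<b_port>\d+) \([\d.]+/\d+\)"
)


def parse_built(line):
    """Return (proto, client_ip, server_ip, server_port) for a Built line, else None."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    if m["dir"] == "outbound":
        client, server, sport = m["b_ip"], m["a_ip"], int(m["a_port"])
    else:
        client, server, sport = m["a_ip"], m["b_ip"], int(m["b_port"])
    return m["proto"], client, server, sport


def quic_flows(lines):
    """Map each inside client to the set of servers it reached over UDP/443.

    A TCP-only URL filter never saw these sessions, so any client listed here
    is still talking QUIC and the Chrome workaround has not taken effect for it.
    """
    by_client = {}
    for line in lines:
        rec = parse_built(line)
        if rec and rec[0] == "UDP" and rec[3] == 443:
            by_client.setdefault(rec[1], set()).add(rec[2])
    return by_client


if __name__ == "__main__":
    for client, servers in quic_flows(SAMPLE_LOGS).items():
        print(f"{client}: {len(servers)} QUIC server(s) -> {sorted(servers)}")
```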
03-09-2019 09:17 PM
In your Rules.JPG attachment it shows the box for "Enable ASA Firepower for this traffic flow" as unchecked. It needs to be checked.
03-10-2019 07:29 AM - edited 03-10-2019 07:29 AM
Hi, Marvin is correct. You'll need to redirect traffic to the FP module for inspection. See helpful link:
http://wannabecybersecurity.blogspot.com/2019/01/cisco-asa-firepower-traffic-redirection.html
I would also suggest adding a topmost rule (rule #1) to allow DNS. See helpful link:
http://wannabecybersecurity.blogspot.com/2019/02/configuring-cisco-firepower-access.html
03-11-2019 01:03 AM