
URL Filtering Web Based Email pre-build Category ignored.

I am using ASA5515X (Software version: 9.6(1), ASDM: 7.6(1)). Firepower software version: 6.0.1-29

I have a problem with the built-in URL filtering category "Web Based Email".

If I do a rule that does BLOCK WITH RESET or simply DENY to all the "Web Based Email", clients "ignore the rule" and surf to all email websites (e.g. Gmail webmail or Yahoo webmail).

Meanwhile, if I manually create a URL (Gmail) and add the site "gmail.com", then add my URL category to my access control policy instead of the pre-built category "Web Based Email", it works. Clients receive the Cisco webpage that access is denied.

My workaround is to create a list of all email websites, then add that URL list to my access control policy !!!

Unbelievable.

I want to do this with my Cisco 5515 that has (NOT EXPIRED) URL Filtering and AMP.

Any help??

Thanks a lot.

Leonardo Butelli

7 REPLIES 7
Cisco Employee

Hi Leonardo,

This looks like a problem with categorization. Basically, the Firepower doesn't have the URL category database downloaded or isn't able to perform dynamic lookup, and due to that categorization is failing.

Please check and go through this link and perform the troubleshooting for URL issues.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html

If performing all of these steps doesn't resolve the issue or you don't see any problem with any tests then I would suggest to open a TAC case.

Hope it helps.

Yogesh


Hi Yogesh, Thanks a lot for your quick reply.

I use ASDM to control Firepower.

The article you mentioned has already been visited by me, without success.

I can't find:

"In order to enable the URL Filtering Monitor module, go to the Health Policy Configuration page, choose URL Filtering Monitor. Click the On radio button for the Enabled option in order to enable use of the module for health status testing. You must apply the health policy to the FireSIGHT Management Center if you want your settings to take effect."

Where is the Health Policy Configuration page ???? How do I enable or check the URL Filtering Monitor ???

Thanks a lot


So that article is for FireSIGHT Management Center. If you are using ASDM, then you can ignore the health policy field.

Did you log in to the Firepower CLI and check if it's able to resolve the name to IP and access these 2 URLs on port:

service.brightcloud.com - try telnet on 80

database.brightcloud.com - try telnet on 443


Thanks, but I had already tried.

YES, both of them work.

Any help ???


Hi

It might require a TAC case then. You can check the following file for errors in the CLI, though:

>expert

>cat /var/log/messages |grep CloudAgent

See if there are errors and, if yes, what those are.
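
The two checks suggested in the replies above (name resolution plus TCP reachability of the two BrightCloud hosts, then a look at the CloudAgent lines in `/var/log/messages`) can be combined into one script. This is an added example, not part of the original thread and not Cisco tooling. It assumes a Linux shell with `bash`, `getent` and `timeout` available, and the failure keyword list and the sample log lines are constructed for illustration, not a documented message format.

```shell
#!/usr/bin/env bash
# Added example, not from the thread or from Cisco. Hosts, ports and log path
# come from the replies above; FAIL_RE is an assumed keyword list.
ENDPOINTS="service.brightcloud.com:80 database.brightcloud.com:443"
FAIL_RE='error|fail|timed out|unable|refused'

# Print "dns-fail", "tcp-fail" or "open" for one host/port pair.
check_endpoint() {
  local host=$1 port=$2
  getent hosts "$host" >/dev/null 2>&1 || { echo "dns-fail"; return 0; }
  if timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
    echo "open"
  else
    echo "tcp-fail"
  fi
}

# Print the CloudAgent lines in log file $1 that match a failure keyword.
cloudagent_errors() {
  grep -a 'CloudAgent' "$1" 2>/dev/null | grep -aiE "$FAIL_RE" || true
}

# Print "total=<CloudAgent lines> suspect=<lines matching FAIL_RE>" for file $1.
cloudagent_summary() {
  local total suspect
  total=$(grep -a 'CloudAgent' "$1" 2>/dev/null | wc -l)
  suspect=$(cloudagent_errors "$1" | wc -l)
  echo "total=$((total)) suspect=$((suspect))"
}

# Constructed sample lines (not real device output) for trying the parser offline.
sample_log() {
  cat <<'EOF'
Jan 10 10:00:01 fw-sample CloudAgent: sample: category database up to date
Jan 10 10:00:05 fw-sample CloudAgent: sample: lookup connection failed
Jan 10 10:00:09 fw-sample kernel: sample: unrelated error
Jan 10 10:01:00 fw-sample CloudAgent: sample: database download timed out
EOF
}

# Live checks run only when asked: ./script.sh --run [logfile]
if [ "${1:-}" = "--run" ]; then
  for ep in $ENDPOINTS; do
    echo "${ep}: $(check_endpoint "${ep%:*}" "${ep#*:}")"
  done
  log=${2:-/var/log/messages}
  cloudagent_summary "$log"
  cloudagent_errors "$log" | tail -n 20
fi
```

A result of `open` for both hosts together with `suspect=0` matches the situation described in the thread, where connectivity is fine and the cause has to be looked for elsewhere.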


Hi,

Could you try the below options and see if URL categorization works:

If you are running version 5.4, then go to ASDM Firepower configuration tab -> System -> Local -> Configuration

Click on Cloud Services and check if the URL database cloud is updated.

If you are running 6.0, then the same option will be available under ASDM Firepower configuration tab -> Tools -> Integration -> Cisco CSI

Rate if it helps.

Thanks,

Ankita


Bnnetwork,

Did you ever get this working? I'm interested as I have a similar issue.
