Showing results for 
Search instead for 
Did you mean: 


URL Filtering Web Based Email pre-build Category ignored.

I am using ASA5515X (Software version: 9.6(1), ASDM: 7.6(1)) . Firepower software version: 6.0.1-29

I have a problem with the build in url filtering category "Web Based Email".

If i do a rule that BLOCK WITH RESET or simply DENY to all the "Web Base Email", clients "ignore the rule" and surf to all email websites  (ES :  Gmail Webmail or Yahoo webmail)

Meanwhile if I manually create URL (Gmail) and add the site "" then add to my access control policy instead of the Pre-build category "Web Base email", my URL category, it works. Clients receive the Cisco webpage that access is denied.

My workaround is to create a list of all website email then add that URL list to my access control policy !!!


I want to do this with my Cisco 5515 that has (NOT EXPIRED) Url Filtering and AMP.

Any help ??

Thanks a lot.

Leonardo Butelli

Cisco Employee

Hi Leonardo,

This looks like a problem with categorization. Basically the firepower doesn't have the URL category database downloaded or isn't able to perform dynamic lookup and due to that categorization is failing.

Please check and go through this link and perform the troubleshooting for url issues.

If performing all of these steps doesn't resolve the issue or you don't see any problem with any tests then I would suggest to open a TAC case.

Hope it helps.


Hi Yogesh, Thanks a lot for your quick reply.

I use ASDM to control Firepower.

The article you mentioned me has already been visitedby me without success.

I can't find :

In order to enable the URL Filtering Monitor module, go to the Health Policy Configuration page, choose URL Filtering Monitor. Click the On radio button for the Enabled option in order to enable use of the module for health status testing. You must apply the health policy to the FireSIGHT Management Center if you want your settings to take effect.

Where is the Health Policy Configuration page ???? How do i enable or check the Url filtering Monitor ???

Thanks a lot

So that article is for firesight management center. If you are using ASDM then you can ignore the health policy field.

Did you login to the firepower CLI and check if its able to resolve the name to IP  and access these 2 URLs on port  Try telnet on 80  Try telnet on 443

Thanks but i had already tryed.

YES both of them works.

Any help ???


It might require a TAC case then. You can check  the following files for error though in CLI


>cat /var/log/messages |grep CloudAgent

see is there are errors and if yes what are those.


could you try the below options and see if Url categorization works :

if you are running version 5.4 then go to ASDM firepower configuration tab ->system ->local-> configuration

click on cloud services and check if url database cloud is updated

if you are running 6.0 then aane option will be available under ASDM firepower configuration tab-> tools -> integration-> Cisco CSI

rate if it helps.




Did you ever get this working? I'm interested as I have a similar issue.

Recognize Your Peers
Content for Community-Ad