I am using ASA5515X (Software version: 9.6(1), ASDM: 7.6(1)). Firepower software version: 6.0.1-29
I have a problem with the built-in URL filtering category "Web Based Email".
If I do a rule that BLOCK WITH RESET or simply DENY to all the "Web Based Email", clients "ignore the rule" and surf to all email websites (e.g. Gmail webmail or Yahoo webmail).
Meanwhile, if I manually create a URL (Gmail), add the site "gmail.com", and then add my URL category to my access control policy instead of the pre-built category "Web Based Email", it works. Clients receive the Cisco webpage saying that access is denied.
My workaround is to create a list of all email websites and then add that URL list to my access control policy!
I want to do this with my Cisco 5515 that has (NOT EXPIRED) URL Filtering and AMP.
Any help?
Thanks a lot.
This looks like a problem with categorization. Basically, the Firepower doesn't have the URL category database downloaded or isn't able to perform dynamic lookup, and due to that categorization is failing.
Please check and go through this link and perform the troubleshooting for url issues.
If performing all of these steps doesn't resolve the issue or you don't see any problem with any tests then I would suggest to open a TAC case.
Hope it helps.
Hi Yogesh, Thanks a lot for your quick reply.
I use ASDM to control Firepower.
The article you mentioned has already been visited by me without success.
I can't find:
In order to enable the URL Filtering Monitor module, go to the Health Policy Configuration page, choose URL Filtering Monitor. Click the On radio button for the Enabled option in order to enable use of the module for health status testing. You must apply the health policy to the FireSIGHT Management Center if you want your settings to take effect.
Where is the Health Policy Configuration page? How do I enable or check the URL Filtering Monitor?
Thanks a lot
So that article is for FireSIGHT Management Center. If you are using ASDM then you can ignore the health policy field.
Did you log in to the Firepower CLI and check if it's able to resolve the name to IP and access these 2 URLs on port:
service.brightcloud.com Try telnet on 80
database.brightcloud.com Try telnet on 443
It might require a TAC case then. You can check the following files for errors in the CLI, though:
>cat /var/log/messages |grep CloudAgent
See if there are errors and, if yes, what those are.
Could you try the below options and see if URL categorization works:
If you are running version 5.4, then go to ASDM Firepower configuration tab -> system -> local -> configuration,
click on cloud services and check if the URL database cloud is updated.
If you are running 6.0, then the same option will be available under ASDM Firepower configuration tab -> tools -> integration -> Cisco CSI.
Rate if it helps.
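
The name-resolution, port and log checks suggested in the replies above, collected into one script. This is an added example, not part of the original thread or any Cisco tooling; it assumes a Linux shell on the module with `getent`, `timeout` and `bash` (for `/dev/tcp`), and the lines in `sample_log` are constructed, not real device output.

```shell
#!/bin/sh
# Hosts and ports named in the thread.
TARGETS="service.brightcloud.com:80 database.brightcloud.com:443"

# Resolve a name; prints the first address, non-zero exit if DNS fails.
resolve_host() {
    getent hosts "$1" | awk 'NR==1 {print $1}' | grep .
}

# TCP connect test standing in for the manual telnet (assumes bash /dev/tcp).
check_tcp() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Print CloudAgent lines that look like failures; exit 1 if none match.
cloudagent_errors() {
    grep 'CloudAgent' "$1" | grep -Ei 'error|fail|timed? ?out|unable|refused'
}

# Constructed sample lines for a dry run (real message formats will differ).
sample_log() {
    cat <<'EOF'
Jan 10 09:00:01 fp CloudAgent: [INFO] periodic update check started
Jan 10 09:00:06 fp CloudAgent: [ERROR] unable to resolve database.brightcloud.com
Jan 10 09:00:07 fp sshd[811]: error: connection closed by peer
Jan 10 09:05:06 fp CloudAgent: [WARN] lookup to service.brightcloud.com timed out
EOF
}

main() {
    for t in $TARGETS; do
        host=${t%:*}; port=${t#*:}
        if ip=$(resolve_host "$host"); then
            echo "DNS  ok   $host -> $ip"
        else
            echo "DNS  FAIL $host"; continue
        fi
        if check_tcp "$host" "$port"; then
            echo "TCP  ok   $host:$port"
        else
            echo "TCP  FAIL $host:$port"
        fi
    done
    echo "CloudAgent failure lines in ${1:-/var/log/messages}:"
    cloudagent_errors "${1:-/var/log/messages}" || echo "(none found)"
}

# Run only when asked, e.g.: sh check_urlfilter.sh --run [logfile]
if [ "${1:-}" = "--run" ]; then main "${2:-}"; fi
```

A DNS or TCP failure here points at the connectivity side of the categorization problem; clean connectivity with CloudAgent failure lines is the kind of detail worth attaching to a TAC case.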