Hi,
I have installed in the company that I work, a ASA 5555 with FirePower, and configured Defense Center (FireSight) to access control web sites. And I see that for many times, the users must have use a refresh browser (F5) to access web sites.
In the first time to access the URL, the page is blocked, but the site is allowed to access (has a rule for this), and if you do a refresh (F5), the web site now is access with sucess. But it´s necessary try to access web site at least 2 times to get access.
I see that is happening only for rules that is controlled for AD Groups (by LDAP).
PS.: Attached here a example of this. See the block at 23:19:32 to URL: http://registro.br/ and after 23:19:33, the user uses a refresh in web page, and the URL is allowed.
Someone knows why this is happening?
Best regards,
Fábio Heidrich