cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

ASA FirePOWER URL filtering not working

9951
Views
0
Helpful
11
Comments

Hello everyone!

I have an annoying situation with the URL filter.... but this is the scenario:


One ASA 5516-X box with ASA Version 9.6(1).
Licenses: for Protection, Control, URL Filtering and Malware

After redirected all traffic to the FirePOWER module I made one Policy with 2 standard rules:
1 - Allow LAN - Monitor
2 - URL filter (Social Network, Gambling) - Block

I tried many but URL filtering it's not working, it doesn't block Facebook or any gambling site.

Do you have any idea?

Thanks in advance!

Daniel.

Comments
fgaromania
Community Member

The FirePOWER URL filter works ok only if I add an URL as an individual object. But we need to block URLs by web category..

Thanks.

pr3d4t0r_gr
Beginner

Switch the rule order and it will work.

fgaromania
Community Member

I already did it ...but I get the same result. It seems I have a connectivity problem with the cloud database. I will let you know where was the problem. Thx anyway!

fgaromania
Community Member

Works well after I entered the dns information into the FirePOWER module..

Thanks 

ross_rulz
Beginner

fgaromania where did you put the DNS setting's for the Firepower? 

fgaromania
Community Member

Follow this link http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc10

You have to pay attention at "Set Up the ASA SFR Boot Image" line.

lvivier
Beginner

Hello,

I have a similar issue.

If I add an URL manually I can see in ADSM console that sfr is dropping the connection.

But with the categories (I've tried shopping, adult and social) sfr does not block.

I run ASA 9.7(1), ASDM 7.7(1)150 and ASA FirePower 6.2.2-81

I've checked the steps from this note https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html?referring_site=RE&pos=2&page=https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118791-technote-firesight-0... and it seems to be good.

What do I miss ?

Thank you.

 

Gingercringer1
Beginner

Hi lvivier,

 

I have the same problem too on the same versions. Did you manage to getting it working? If so what did you have to do?

 

Many thanks. 

Eugen Bitca
Beginner

Hello,

I have a similar issue.

Manually URL are dropping but categories are not.

 

Thanks

Usually the URL database gets downloaded inside the Foresight after which it'll get up to date to module or Firepower devices.. If few casinofiles or library modules aren't yet updated in Firepower then you can face problem with the url categorization.

I have the same problem,  and I have only the protection and control license enabled. Do I need another license?