This issue is due to the presence of Cisco bug ID CSCse55931.
This problem occurs when the firewall is configured to filter URLs through Websense or N2H2 and has the url-block block command enabled. The available 1550-byte blocks can then deplete, which disrupts communication between the firewall and the Websense server.
When this issue occurs, the PIX/ASA firewall does not send the URL Lookup_Request or Status_Request to the Websense server, which results in HTTP traffic blockage.
In order to resolve this issue, disable the url-block block command.
The url-block block <block_buffer> command creates an HTTP response buffer in order to store web server responses while it waits for a filtering decision from the filtering server. The permitted values range from 1 to 128. This specifies the number of 1550-byte blocks to use.
This issue is fixed in PIX/ASA firewall version 7.2(2) and later, which can be downloaded from the Software Download Center.
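One way to check a firewall for this condition, as an added example that is not part of the original text or of Cisco's documentation: the Python below parses `show blocks` output for the 1550-byte pool and looks for `url-block block` in the configuration. The sample output and configuration line are constructed, and the 10% free-block threshold is an assumption.

```python
import re

# Constructed sample of `show blocks` output (values are illustrative only).
SAMPLE_SHOW_BLOCKS = """\
  SIZE    MAX    LOW    CNT
     0    700    699    700
    80    919    908    919
   256   2100   2088   2092
  1550   9886      0     12
  2048   3100   3099   3100
"""
# Constructed running-config excerpt.
SAMPLE_CONFIG = "hostname fw-example\nurl-block block 128\n"

def parse_show_blocks(text):
    """Map block size -> {'max', 'low', 'cnt'} from `show blocks` output."""
    pools = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows are exactly four integers: SIZE MAX LOW CNT.
        if len(fields) == 4 and all(f.isdigit() for f in fields):
            size, mx, low, cnt = map(int, fields)
            pools[size] = {"max": mx, "low": low, "cnt": cnt}
    return pools

def url_block_buffer(config):
    """Return the configured url-block buffer size, or None if not set."""
    m = re.search(r"^url-block block (\d+)\s*$", config, re.MULTILINE)
    return int(m.group(1)) if m else None

def check_1550_pool(blocks_text, config, min_free_ratio=0.10):
    """Return findings about 1550-byte block depletion (empty if healthy)."""
    pool = parse_show_blocks(blocks_text).get(1550)
    if pool is None:
        raise ValueError("no 1550-byte pool found in show blocks output")
    findings = []
    if pool["low"] == 0:  # LOW = fewest free blocks seen since boot/clear
        findings.append("1550-byte pool has hit zero free blocks")
    if pool["max"] and pool["cnt"] / pool["max"] < min_free_ratio:
        findings.append("1550-byte pool low: %d of %d free"
                        % (pool["cnt"], pool["max"]))
    buf = url_block_buffer(config)
    if findings and buf is not None:
        findings.append("url-block block %d is configured; "
                        "disable it or upgrade to 7.2(2) or later" % buf)
    return findings

if __name__ == "__main__":
    for finding in check_1550_pool(SAMPLE_SHOW_BLOCKS, SAMPLE_CONFIG):
        print(finding)
```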