Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
Bookmark
|
Subscribe
|
14925
Views
0
Helpful
11
Comments

ASA FirePOWER URL filtering not working

fgaromania
Community Member

‎04-22-2016 03:06 AM - edited ‎03-08-2019 06:59 PM

Hello everyone!

I have an annoying situation with the URL filter.... but this is the scenario:


One ASA 5516-X box with ASA Version 9.6(1).
Licenses: for Protection, Control, URL Filtering and Malware

After redirected all traffic to the FirePOWER module I made one Policy with 2 standard rules:
1 - Allow LAN - Monitor
2 - URL filter (Social Network, Gambling) - Block

I tried many but URL filtering it's not working, it doesn't block Facebook or any gambling site.

Do you have any idea?

Thanks in advance!

Daniel.

Labels:
acl.jpg
Preview file
185 KB
licenses.jpg
Preview file
193 KB
device_information.jpg
Preview file
31 KB
0 Helpful
Comments
fgaromania
Community Member
‎04-22-2016 05:18 AM

The FirePOWER URL filter works ok only if I add an URL as an individual object. But we need to block URLs by web category..

Thanks.

pr3d4t0r_gr
Level 1
Level 1
‎04-25-2016 01:18 AM

Switch the rule order and it will work.

fgaromania
Community Member
‎04-25-2016 04:11 AM

I already did it ...but I get the same result. It seems I have a connectivity problem with the cloud database. I will let you know where was the problem. Thx anyway!

fgaromania
Community Member
‎04-28-2016 12:07 AM

Works well after I entered the dns information into the FirePOWER module..

Thanks 

ross_rulz
Level 1
Level 1
‎05-30-2016 09:44 PM

fgaromania where did you put the DNS setting's for the Firepower? 

fgaromania
Community Member
‎05-30-2016 10:47 PM

Follow this link http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc10

You have to pay attention at "Set Up the ASA SFR Boot Image" line.

lvivier
Level 1
Level 1
‎09-11-2017 02:55 AM

Hello,

I have a similar issue.

If I add an URL manually I can see in ADSM console that sfr is dropping the connection.

But with the categories (I've tried shopping, adult and social) sfr does not block.

I run ASA 9.7(1), ASDM 7.7(1)150 and ASA FirePower 6.2.2-81

I've checked the steps from this note https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html?referring_site=RE&pos=2&page=https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118791-technote-firesight-0... and it seems to be good.

What do I miss ?

Thank you.

 

Gingercringer1
Level 1
Level 1
‎04-04-2018 04:07 AM

Hi lvivier,

 

I have the same problem too on the same versions. Did you manage to getting it working? If so what did you have to do?

 

Many thanks. 

Eugen Bitca
Level 1
Level 1
‎10-05-2018 06:50 AM

Hello,

I have a similar issue.

Manually URL are dropping but categories are not.

 

Thanks

hfgdhgbcfgfdgv05612
Level 1
Level 1
‎03-11-2021 06:21 PM

Usually the URL database gets downloaded inside the Foresight after which it'll get up to date to module or Firepower devices.. If few casinofiles or library modules aren't yet updated in Firepower then you can face problem with the url categorization.

windowsgyaan91979
Level 1
Level 1
‎03-15-2021 06:44 AM

I have the same problem,  and I have only the protection and control license enabled. Do I need another license?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Top