[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco Firepower URL filtering not working

Posted on 2016-07-27
2
Medium Priority
?
415 Views
Last Modified: 2016-08-09
I have a pair of ASA5525's in Active/Standby.  For the past year, I've been running IPS on it, and I have a Virtual Defense Center setup in VMWare.  Last week I got a URL license for both  ASA's.   I installed the license, I assigned the license to my devices, I configured URL filtering, I applied my access control policy, and installed the user agent for AD.  All my AD users show up in the defense center and all looks like it should be working, but its not.  If I block a website or category for a specific user it doesn't block it, it just allows the user to go right through.  I opened a case up with TAC 3 days ago, after trouble shooting for a couple hours, he told me to upgrade to the latest version of 6.0, but I'm still having the problem.  My TAC engineer isn't in today, so we are going to resume working on it tomorrow.  In the mean time, I was wondering if anyone using Firepower URL filtering experienced anything similar and if so how they fixed it?  This doesn't seem like a hard task at all, but it doesn't seem to be working.  Let me know.  Thanks.
0
Comment
Question by:denver218
2 Comments
 
LVL 4

Accepted Solution

by:
Steven Roman earned 2000 total points
ID: 41741550
Hello,

Try blocking th website for all users and work backwards to the user.
The URL policies should operate the same as old Cisco ASA firewall rules Top - Down
Also check the logs to see why its going through.

I upgraded to 6.0 it takes a long time as Cisco is making alot changes and the upgrade needs to write the all the snort rules.  So prepare some time.
also make sure your sensors and ASA units are up to date.

Hope this helps

Thanks
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 41748688
So after a few weeks it just started working.  Myself or Cisco TAC don't have an explanation.  I'm glad it works, but its scary not knowing what was wrong.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question