<div>
Add that public IP address to the ACL in the ASA* as 'Deny' (yes I know that's the opposite of what you want), but then it wont get sent to the FirePOWER module for inspection<br><br>*The ACL that Firepower is using <br><br>P
</div>


<div>
Not sure by what you mean when you say &quot;The ACL that Firepower is using.&quot;<br />
<br />
I didn't configure the ASA or Firepower and my knowledge of both is kind of limited. In the ASA, the only place I see any Firepower information is on a tab next to the Device and Firewall Dashboards. <br />
<br />
If I go into Configuration &gt;&nbsp;Firewall, there is an access rule that Allows traffic from that public IP. If I deny it there, won't it block the device from all access? I thought that all configuration of the Firepower was done on the appliance that runs the Firepower Management Console?
</div>


<div>
No look at the firewall, config, you will have something that looks like this;<br><br><pre><code class="code-1 nolinks" id="code-20-43070034-1"><span>access-list SFR extended permit ip any any</span>
<span> class-map SFR</span>
<span> match access-list SFR</span>
</code></pre><br>So issue a&nbsp;<pre><code class="code-1 nolinks" id="code-20-43070034-2"><span>access-list SFR line 1 deny ip any host 166.151.xxx.xxx</span>
<span></span>
</code></pre><pre><code class="code-1 nolinks" id="code-20-43070034-3"><span>access-list SFR line 2 deny ip host 166.151.xxx.xxx any</span>
</code></pre>
</div>


<div>
I dont know why it formatted it like that the new UI is pants<br><br>
</div>


<div>
So I used putty and looked at the config on the 5525. The only references to SFR are below:<br />
<br />

<pre><code class="code-1 nolinks" id="code-20-43070059-1"><span>class-map SFR</span>
<span> match any</span>
</code></pre>
<br />

<pre><code class="code-1 nolinks" id="code-20-43070059-2"><span> class SFR</span>
<span>  sfr fail-open</span>
</code></pre>
</div>


<div>
<div class="content wysiwyg-content">
I have a Cisco ASA 5525 with the FirePower module. I manage it through the CIsco Firepower Mgmt Center for VMWare. We had gotten an alert (below) and I right-clicked on the entry and blacklisted the IP. I have since determined it was likely a false positive but cannot figure out how to unblock the IP.<br />
&nbsp;
<blockquote>
&quot;MALWARE-CNC PCRat variant outbound connection&quot; [Impact: Unknown] From &quot;PDASAFIREPOWER&quot; at Thu Apr &nbsp;2 22:11:12 2020 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} 166.151.xxx.xxx:59525 (united states)-&gt;172.20.xxx.xxx:19<wbr />01 (unknown)
</blockquote>
I removed it from the Global-Blacklist and added it to the Global-Whitelist but it is still being blocked when I look in the Connection Events. The reason for the block is &quot;IP Block&quot; - when I right-click on the entry and click Exclude, it doesn't seem to do anything.
</div>
</div>


I have a Cisco ASA 5525 with the FirePower module. I manage it through the CIsco Firepower Mgmt Center for VMWare. We had gotten an alert (below) and I right-clicked on the entry and blacklisted the IP. I have since determined it was likely a false positive but cannot figure out how to unblock the IP.
 "MALWARE-CNC PCRat variant outbound connection" [Impact: Unknown] From "PDASAFIREPOWER" at Thu Apr  2 22:11:12 2020 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} 166.151.xxx.xxx:59525 (united states)->172.20.xxx.xxx:1901 (unknown)
I removed it from the Global-Blacklist and added it to the Global-Whitelist but it is still being blocked when I look in the Connection Events. The reason for the block is "IP Block" - when I right-click on the entry and click Exclude, it doesn't seem to do anything.

How do I unblock a Blacklisted IP in Cisco Firepower?

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.