troubleshooting Question

How do I unblock a Blacklisted IP in Cisco Firepower?

Avatar of Brian Gorsky
Brian GorskyFlag for United States of America asked on
Hardware FirewallsCiscoNetworking
6 Comments1 Solution47 ViewsLast Modified:
I have a Cisco ASA 5525 with the FirePower module. I manage it through the CIsco Firepower Mgmt Center for VMWare. We had gotten an alert (below) and I right-clicked on the entry and blacklisted the IP. I have since determined it was likely a false positive but cannot figure out how to unblock the IP.
 
"MALWARE-CNC PCRat variant outbound connection" [Impact: Unknown] From "PDASAFIREPOWER" at Thu Apr  2 22:11:12 2020 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} 166.151.xxx.xxx:59525 (united states)->172.20.xxx.xxx:1901 (unknown)
I removed it from the Global-Blacklist and added it to the Global-Whitelist but it is still being blocked when I look in the Connection Events. The reason for the block is "IP Block" - when I right-click on the entry and click Exclude, it doesn't seem to do anything.
ASKER CERTIFIED SOLUTION
Brian Gorsky
IT Support

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 6 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros