troubleshooting Question

How do I unblock a Blacklisted IP in Cisco Firepower?

Avatar of Brian Gorsky
Brian GorskyFlag for United States of America asked on
NetworkingHardware FirewallsCisco
6 Comments1 Solution46 ViewsLast Modified:
I have a Cisco ASA 5525 with the FirePower module. I manage it through the CIsco Firepower Mgmt Center for VMWare. We had gotten an alert (below) and I right-clicked on the entry and blacklisted the IP. I have since determined it was likely a false positive but cannot figure out how to unblock the IP.
 
"MALWARE-CNC PCRat variant outbound connection" [Impact: Unknown] From "PDASAFIREPOWER" at Thu Apr  2 22:11:12 2020 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} 166.151.xxx.xxx:59525 (united states)->172.20.xxx.xxx:1901 (unknown)
I removed it from the Global-Blacklist and added it to the Global-Whitelist but it is still being blocked when I look in the Connection Events. The reason for the block is "IP Block" - when I right-click on the entry and click Exclude, it doesn't seem to do anything.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros