Firepower has a feature called URL Filtering.
There are two types:
1- Manual: create the URL manually by using an object.
- Does NOT require a license
2- Category: built into the Firepower database, which groups multiple URLs that share the same characteristics, such as social media, into a URL category.
- Requires a license
How does URL Filtering based on category work?
What happens if the FTD does not receive the URL category within a specific time?
It will keep sending the request, which affects the Firepower resources.
Solution?
As per Cisco's recommendation, Retry URL cache miss lookup is required to be disabled.
Meaning: Firepower will accept/allow the uncategorized URL in the initial request. Later, once it receives the update from CSI, it will re-categorize the URL and enforce the policy.
- Before starting the lab, make sure that the FMC can reach the following:
telnet database.brightcloud.com 443
telnet service.brightcloud.com 80
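The same pre-flight check as a script, added here as an example and not part of the original lab: it tests both endpoints with a timeout and separates DNS failures from blocked TCP ports. It assumes a Linux host with bash, `timeout` and `getent` that uses the same outbound path as the FMC; the function names and the `RESOLVER`/`CONNECTOR` overrides are illustrative.

```shell
#!/usr/bin/env bash
# Added example: reachability check for the two endpoints named in the post.
# Assumption: run from a host that shares the FMC's outbound network path.

ENDPOINTS="database.brightcloud.com:443 service.brightcloud.com:80"
TIMEOUT_SECS=5

# Resolve a hostname; a non-zero status means DNS is the problem.
resolve_host() { getent hosts "$1" >/dev/null 2>&1; }

# Open a TCP connection through bash's /dev/tcp, bounded by a timeout.
# Host and port are passed as arguments, never pasted into the command string.
tcp_connect() {
    timeout "$TIMEOUT_SECS" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Check one host:port pair; prints OK, DNS_FAIL or TCP_FAIL.
check_endpoint() {
    local host port
    host="${1%:*}"
    port="${1##*:}"
    if ! "${RESOLVER:-resolve_host}" "$host"; then
        echo "DNS_FAIL $host"
        return 1
    fi
    if ! "${CONNECTOR:-tcp_connect}" "$host" "$port"; then
        echo "TCP_FAIL $host:$port"
        return 2
    fi
    echo "OK $host:$port"
}

# Check every endpoint; the return status is the number of failures.
check_all() {
    local failed ep
    failed=0
    for ep in $ENDPOINTS; do
        check_endpoint "$ep" || failed=$((failed + 1))
    done
    return "$failed"
}

# Only touch the network when invoked as: ./check_urldb.sh run
if [ "${1:-}" = "run" ]; then
    check_all
fi
```

A `DNS_FAIL` line points at name resolution on the management path, while `TCP_FAIL` points at a firewall or proxy rule for that port.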
LAB
Result:
After I fixed the connection of the FMC to go to the cloud via the FTD (I will talk about this case in a separate post), I found the FMC can categorize Facebook as Social Media.
- FP logs show that Facebook is BLOCKED.
Regards
Abdulfattah