Cisco Bug: CSCvs67938 - Not Block URL if ACP has SI URL objects already used in SI Global lists

Last Modified

May 05, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.2.3.14 6.4.0

Description (partial)

Symptom:
If a URL list is added to the Global SI Blacklist object, only the first URL in the list is actively blocked; the remaining URLs are not blocked as expected.

For example, if Global-Blacklist-for-URL has more than one URL item:

Yahoo.com
cnn.com
bbc.com 

Only Yahoo.com will be blocked.

The system support trace output might show:

y.y.y.y-24495 > x.x.x.x-443 6 AS 3 I 0 URL SI: skipping until HTTPS flow gets decrypted

Conditions:
1. Under Policies > Access Control, select the "Security Intelligence" tab and configure a "Global-Blacklist-for-URL" containing URLs.

2. Add more than two URLs.
