07-08-2018 11:52 PM - edited 02-21-2020 07:57 AM
Hello experts, once again I am here to discuss my issue with you. In my FireSIGHT, whenever I add a rule for blocking URLs, that rule has a limit of only 50 URLs per rule. I need to know how to increase this limit because I don't want to add rules again and again when the 50 limit threshold has been reached. Is there any possible solution?
07-09-2018 08:36 AM
Have you considered using a DNS list in the Security Intelligence section as opposed to a URL filtering policy?
https://packetu.com/2016/07/03/understanding-firepower-dns-policies/
07-10-2018 09:49 PM
Thank you for your reply, but I have checked the option: it has an IP blocking option but cannot block URLs. I need to increase the URL count to more than 50 in the rule set.
07-10-2018 11:44 PM
I don't know where you see the limitation on blocking URLs.
URLs are included in the custom feed options and they are quite scalable. As noted in the configuration guide:
"The number of entries you can include is limited by the maximum size of the file. For example, a URL list with no comments and an average URL length of 100 characters (including Punycode or percent Unicode representations and newlines) can contain more than 5.24 million entries."
07-11-2018 05:03 AM
That's great, Marvin. Further, can you share the GUI steps or any link for configuring it to block URLs?
07-11-2018 05:49 AM
The 50 limit rule is when you add URLs directly into the rule. This limitation is present for applications as well. In addition to what @Marvin Rhoads mentioned, you can create a URL object group and add more than 50 URLs to that. You can then call the URL object group into the rule.
07-11-2018 10:51 PM
Great, can you tell me how many URLs can be added in one URL object group?
07-12-2018 12:43 PM
I don't recall a limit on this. I have added 150+ URLs using APIs to a single object.
07-12-2018 08:02 PM
07-13-2018 08:44 AM
Yes you can. You can manually add URLs like I have attached below:
You can also use APIs under the FMC API explorer to add multiple URLs in one go. A sample of what I used is here:
{
  "name": "Test_URL_Object",
  "literals": [
    { "url": "cisco.com", "type": "Url" },
    { "url": "apple.com", "type": "Url" }
  ],
  "type": "UrlGroup"
}
07-13-2018 11:19 PM
07-16-2018 06:35 AM
Is there any solution, brother?
07-16-2018 07:19 AM
As Rahul noted, the GUI is one URL at a time.
If you want to do a bulk add then you would need to use the API and build a script to load them in all at once.
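The script side of the bulk add described above, as an added example that is not part of the original thread or Cisco's own code: it turns a plain-text blocklist into a single payload of the shape Rahul posted, dropping duplicates and setting malformed lines aside for review. The blocklist format, the scheme stripping and the function names are assumptions; submitting the payload is left to the API explorer or your own client.

```python
import json
from urllib.parse import urlsplit

# Constructed sample blocklist: one entry per line, '#' starts a comment.
SAMPLE_BLOCKLIST = """\
# constructed sample entries
cisco.com
https://Apple.com/
apple.com
example.org/downloads   # inline comment
bad entry with spaces
"""

def normalise(line):
    """Return a cleaned URL literal, or None for blank, comment or malformed lines."""
    entry = line.split("#", 1)[0].strip()
    if not entry or any(ch.isspace() for ch in entry):
        return None
    # Assumption: literals are stored without a scheme, as in the sample payload,
    # so "https://apple.com/" and "apple.com" are treated as the same entry.
    if "://" in entry:
        parts = urlsplit(entry)
        entry = parts.netloc + parts.path
    host, sep, path = entry.partition("/")
    if not host:
        return None
    # Host names are case-insensitive; paths are left as written.
    return (host.lower() + sep + path).rstrip("/")

def build_url_group(name, blocklist_text):
    """Build a UrlGroup payload; also return the lines that were rejected."""
    seen, literals, rejected = set(), [], []
    for raw in blocklist_text.splitlines():
        url = normalise(raw)
        if url is None:
            # Keep malformed non-comment lines for review instead of dropping silently.
            if raw.split("#", 1)[0].strip():
                rejected.append(raw.strip())
            continue
        if url not in seen:
            seen.add(url)
            literals.append({"url": url, "type": "Url"})
    return {"name": name, "literals": literals, "type": "UrlGroup"}, rejected

if __name__ == "__main__":
    payload, rejected = build_url_group("Test_URL_Object", SAMPLE_BLOCKLIST)
    print(json.dumps(payload, indent=2))
    print("rejected:", rejected)
```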
07-17-2018 04:00 AM
Thank you, Marvin. Can you help me open the API explorer on Firepower? I am new to it. I have tried several links on Google for this but no luck. Can you explain this in detail?
07-17-2018 04:52 AM
https://blogs.cisco.com/security/how-to-get-started-on-programming-firepower-using-fmc-apis
API explorer URL:
https://<fmc_url>/api/api-explorer/