I have recently deployed two ASAs in Active/Standby failover mode. When a user goes to a site such as hotmail.com, the connection appears to be blocked, generating the syslog messages below.
Sep 17 13:12:19 gateway-fw-i %ASA-5-304002: Access denied URL SRC 10.X.X.X DEST 126.96.36.199 on interface inside
Sep 17 13:12:20 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807606 for outside:188.8.131.52/80 to inside:10.X.X.X/1847 duration 0:00:03 bytes 1393 Flow closed by inspection
However, hitting F5 seems to bypass the filter. Has anyone seen this issue before? The URL server is Websense and the filtering config is listed below.
url-server (inside) vendor websense host 10.x.x.x timeout 30 protocol TCP version 4 connections 25
url-cache dst 128
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
url-block block 128
The code is Cisco Adaptive Security Appliance Software Version 7.0(6)