Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Cisco Employee

Defense Center generates alerts on "URL filtering download failure"

I am receiving the following health alerts continuously on my Sourcefire Defense Center running software version 5.2. How can I stop this alert?

URL filtering download failure

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

I have the same error and TAC

I have the same error and TAC hasn't figure why the downloading is having an error. This seems like a problem that would come from a $200 dollar device without a good manufacture. This is the first I've experience this type of service from an Cisco device.

18 REPLIES
Cisco Employee

ReasonThis issue may occur on

Reason

This issue may occur on a Sourcefire appliance after the URL filtering license is removed or expired. It affects all appliances running software version 5.2.x.

 

Solution

This issue is resolved in software version 5.3.0. Please update the software version of your Sourcefire appliance to 5.3.0 or greater to resolve this issue.

New Member

Well the issue is back on 5.4

Well the issue is back on 5.4.1.2, and TAC has no answer. If anyone ever had this and figured out what it may be, please let me know.

Thanks

Tomasz 

New Member

I have same issue with Same

I have same issue with Same version 5.4.1.2 . Module URL Filtering Monitor: URL Filtering download failure . Any update from Cisco TAC  ?..

I have same issue with

I have same issue with version 5.3.1.5 URL Filtering download failure any updates??
New Member

I got the same URL Filtering

I got the same URL Filtering download failure on a version 6.0.0 (build 1005).

Something new about this issue?

Cisco Employee

URL filtering download

URL filtering download failures can be due to a variety of reasons: connectivity, packet malformation along the path, etc.. Please open a TAC case so that they can review your logs to identify why the download failed and provide you with a solution

New Member

I have the same error and TAC

I have the same error and TAC hasn't figure why the downloading is having an error. This seems like a problem that would come from a $200 dollar device without a good manufacture. This is the first I've experience this type of service from an Cisco device.

New Member

Hi kpendleton

Hi kpendleton

After establishing a scheduled (daily) update the FireSight got the correct URL updated. This is still version 6.0.

Afterwards I've updated with patch 6.0.0.1 and the update runs correctly.

New Member

where can i set it for Daily

where can i set it for Daily Download?

At "Updates\Rule Updates"?

When i watch here

hhttp://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117956-technote-sourcefire-00.html

I just found places to activate not to set a schedule...

New Member

check my attachment , its on

check my attachment , its on V 6

but as i remember its close to it

New Member

Hm.. I configured this, but

Hm.. I configured this, but no rules are downloaded...

I try the 4 steps of Cloud Connectivity Issues, at:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118852-technote-firesight-00.html

everything ok, but I still get:

"URL filtering download failure"

and Syslogs say:

Aug 30 2016 16:05:18 IRSFIREPOWER SF-IMS[18786]: [18790] CloudAgent:cloud_config [INFO] Peer with active URLFiltering: eea1c65c-644b-11e6-a895-f5552129ae4f

When I watch at: /var/sf/cloud_download

an wenn I search for bdcb or .bin files i dont found anything...

(???)

New Member

i had same as your issue ,

i had same as your issue , but i found out that i add the IP of the FirePOWER  under one of my rules that dont allow him to get updates . so i allowed him for all and that ssolved the issue for me.

Note : i had other issues with FireSIGHT Virtual Appliance it self and solved it by redeploy new one.

New Member

The System is just a

The System is just a testsystem so far, ich wanted to set it productive these days, when i put all settings to any-any then i got no Download, too... :-(

New Member

you should check if you have

you should check if you have proxy in ur network , if you  have one you should configure the firepower for it , if not then  you should contact your reseller or cisco TACto help out in this.

New Member

Hm...ok, we've set the proxy

Hm...ok, we've set the proxy at the Firepower, for weeks... so it seems, i need to open a ticket... :-/

Cisco Employee

Hi ,

Hi ,

Try this :

Escalate the privilege to root on Defense center : sudo su

Root > curl –vvk database.brightcloud.com
Root> curl –vvk service.brightcloud.com

See what do you get , also check /var/log/messages and you will see errors related to cloud lookups . For proxy the IP of the Firesight Manager and the sensor need to be whitelisted on the proxy.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

New Member

 i have the same issue , i am

 i have the same issue , i am running 6.0.1

also i get this from the  syslog for some connectons

Sinkhole: Unknown, URLCategory: Unknown, URLReputation: Risk unknown

New Member

I have this issue also, 5506

I have this issue also, 5506 running 6.01.  Did anyone ever get a resolution?

3666
Views
21
Helpful
18
Replies
CreatePlease to create content