Whitelist/Blacklist IPs and URLs in FMC

Welcome back! Today we will learn how to whitelist and blacklist IP addresses and URLs on your Cisco FMC. Let's get logged into our FMC and get to work!

Step one is to click on the “Analysis” tab > Connections/Events.

This will show you a list of the IPs and URLs that FMC is seeing.

Next, right-click on any IP address you want to either whitelist or blacklist. This will bring up a dropdown menu that should show you an option to Whitelist or Blacklist the IP. It will then ask you to confirm.

  1. You can verify the added Whitelist IP by going to the Objects tab > Object Management > Security Intelligence (on the left side pane) > Network Lists and Feeds > Global-Whitelist > edit (pencil icon).

(Please see screenshot below)

You can either double-click on “Global-Whitelist” or click the edit pencil on the far right to view the list of whitelisted IPs.

A second way to do this is the following:

  1. Create a text file listing all the IP addresses you would like to whitelist or blacklist and save it locally to your PC.
  2. Log into FMC and go to Objects > Object Management > Security Intelligence > Network Lists and Feeds, then click Add Network Lists and Feeds on the top right of the screen.
  3. Here you can create a name for the list of IPs you made.
  4. In the second dropdown menu, choose the option “List”.
  5. Now, click “Browse” and search for the list you created on your local PC.
  6. Click “Upload” and Save.

Now, go to the Policies tab at the top of the page > Access Control and click on your Access Control Policy.

After clicking on your Access Control Policy, click on the Security Intelligence tab on the upper left.

  • Under the “Available Objects” list on the far left, search for the name of the list you created. It should now come up as an item on the list.
  • Click the name of the list you created and in the middle of the page, you will see two options like below:

Finally, click Save. You can now deploy your changes to the FTDs.
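The text file from step 1 of the second method is easy to get wrong when it is assembled by hand, and a stray `0.0.0.0/0` in a whitelist or blacklist has a very wide effect once deployed. As an added example (not part of the original post and not Cisco tooling), this Python script validates, normalizes and de-duplicates such a list before upload. The one-entry-per-line layout, the `MIN_PREFIX` guard and the file name `fmc_ip_list.txt` are assumptions.

```python
import ipaddress

# Constructed sample: a hand-assembled list with typical mistakes.
SAMPLE = """\
# collected from tickets
203.0.113.10
203.0.113.10
198.51.100.0/24
198.51.100.77/24
2001:db8::1
0.0.0.0/0
10.1.1.300
evil.example.com
"""

# Assumption: refuse blocks broader than /8 (IPv4) or /16 (IPv6).
MIN_PREFIX = {4: 8, 6: 16}


def build_si_list(text):
    """Return (entries, rejected) for a one-entry-per-line IP list."""
    seen, nets, rejected = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:  # strict=False turns 198.51.100.77/24 into 198.51.100.0/24
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append((lineno, line, "not an IP address or CIDR block"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((lineno, line, "prefix too broad"))
            continue
        if net not in seen:  # de-duplicate after normalization
            seen.add(net)
            nets.append(net)
    nets.sort(key=lambda n: (n.version, n.network_address, n.prefixlen))
    # Single hosts are written as bare addresses, blocks in CIDR form.
    return [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
            for n in nets], rejected


if __name__ == "__main__":
    entries, rejected = build_si_list(SAMPLE)
    with open("fmc_ip_list.txt", "w", newline="\n") as fh:
        fh.write("\n".join(entries) + "\n")
    for lineno, value, reason in rejected:
        print(f"line {lineno}: {value!r} rejected ({reason})")
```

Review the rejected lines before uploading; hostnames such as the last sample entry do not belong in a network list.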

If you have any questions, please feel free to reach out; I would be happy to assist.

Thank you!