https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236601#M1118206 <P>Hi all,</P><P>I've configured a Cisco FTD 1010 and I'm having a weird behavior happening. I've configured all the policies from inside to outside and the default action is to block.</P><P>I've configured several policies and I can see them being allowed and matching correctly, but then I saw this:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Othacon_0-1734098826882.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/235907i44D73CFE6D5898C4/image-size/medium?v=v2&amp;px=400" role="button" title="Othacon_0-1734098826882.png" alt="Othacon_0-1734098826882.png" /></span></P><P>&nbsp;</P><P>The default action of the firewall is to block. Why is the firewall not matching any traffic and putting the traffic in No Action??</P><P>Please anyone can help?</P><P>Thank you all</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 13 Dec 2024 14:14:01 GMT Othacon 2024-12-13T14:14:01Z https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236601#M1118206 <P>Hi all,</P><P>I've configured a Cisco FTD 1010 and I'm having a weird behavior happening. I've configured all the policies from inside to outside and the default action is to block.</P><P>I've configured several policies and I can see them being allowed and matching correctly, but then I saw this:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Othacon_0-1734098826882.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/235907i44D73CFE6D5898C4/image-size/medium?v=v2&amp;px=400" role="button" title="Othacon_0-1734098826882.png" alt="Othacon_0-1734098826882.png" /></span></P><P>&nbsp;</P><P>The default action of the firewall is to block. Why is the firewall not matching any traffic and putting the traffic in No Action??</P><P>Please anyone can help?</P><P>Thank you all</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 13 Dec 2024 14:14:01 GMT https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236601#M1118206 Othacon 2024-12-13T14:14:01Z https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236602#M1118207 <P>can I see show access-list of FTD</P> <P>MHM</P> Fri, 13 Dec 2024 14:16:49 GMT https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236602#M1118207 MHM Cisco World 2024-12-13T14:16:49Z https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236607#M1118208 <P>hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1065752">@MHM Cisco World</a>&nbsp;&nbsp;</P><P>unfortunately I really can't put the entire rule list, but I can put the last ones, please see below:</P><P>access-list NGFW_ONBOX_ACL line 34 remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy<BR />access-list NGFW_ONBOX_ACL line 35 remark rule-id 268435458: L5 RULE: Blocked Traffic<BR />access-list NGFW_ONBOX_ACL line 36 advanced deny object-group |acSvcg-268435458 ifc inside any ifc outside any rule-id 268435458 event-log both (hitcnt=483795) (Last Hit=14:19:25 UTC Dec 13 2024) 0x7aae9053<BR />access-list NGFW_ONBOX_ACL line 36 advanced deny ip ifc inside any ifc outside any rule-id 268435458 event-log both (hitcnt=483795) (Last Hit=14:19:25 UTC Dec 13 2024) 0xe41ebd9d<BR />access-list NGFW_ONBOX_ACL line 37 remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy<BR />access-list NGFW_ONBOX_ACL line 38 remark rule-id 1: L5 RULE: DefaultActionRule<BR />access-list NGFW_ONBOX_ACL line 39 advanced deny ip any any rule-id 1 event-log both (hitcnt=278693635) (Last Hit=14:19:26 UTC Dec 13 2024) 0x84953cae</P><P>&nbsp;</P><P>Since the rules are configured I would expect for them to match their respective policies, but from the image, the FTD is not matching some traffic with anything and it's putting it as No Action, and i really can't understand why. I even double on the deny action to no avail</P><P>&nbsp;</P><P>Thank you</P> Fri, 13 Dec 2024 14:28:19 GMT https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236607#M1118208 Othacon 2024-12-13T14:28:19Z https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236609#M1118210 <P>I will send you some hints about FTD ACL</P> <P>Thanks&nbsp;</P> <P>MHM</P> Fri, 13 Dec 2024 14:32:27 GMT https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236609#M1118210 MHM Cisco World 2024-12-13T14:32:27Z https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236987#M1118224 <P>This can happen when an access control rule has not finished evaluating a connection and at that point the connection just breaks our stops outside the firewall. At that point the rule was still pending and it logged the latest state it was evaluating at the time. If that’s what it is it’s possible you have an Application rule that requires more packets to be fully evaluated.&nbsp;<BR />Future versions will include this state as a new state as part of the Reason field to avoid confusion.&nbsp;</P> Sat, 14 Dec 2024 19:27:54 GMT https://community.cisco.com/t5/network-security/ftd-1010-traffic-no-action-policy/m-p/5236987#M1118224 ckleopa 2024-12-14T19:27:54Z