https://community.cisco.com/t5/network-security/asa-firepower-trust-action-problem/m-p/3859566#M925724 <P>Rather than have the ASA software direct that server traffic to the SFR you could add a deny entry at the top of the redirect ACL for that specific server so it does not get sent to the Firepower module.</P> Mon, 20 May 2019 17:54:14 GMT GRANT3779 2019-05-20T17:54:14Z https://community.cisco.com/t5/network-security/asa-firepower-trust-action-problem/m-p/3859314#M925723 <P>Hi all,</P><P>I have 2 ASA5525x with Firepower module installed. Because these firewall are dedicated for servers I have "Permit IP any any" rule with IPS and AMP enabled. Infosec department required to exclude one of their servers which they use for scanning. Although I created a "Trust IP HOST any rule above" previous one, it didnot work. All scans hit Permit ALL rule with inspection. I searched a bit and learned that I have to create another trust rule for response traffic. I wonder why this is required? Okay i understand that it passes further inspections such as IPS and AMP but i wonder why it doesnt do basic L3 inspection?</P> Fri, 21 Feb 2020 17:08:54 GMT https://community.cisco.com/t5/network-security/asa-firepower-trust-action-problem/m-p/3859314#M925723 orkhan.rustamli.96 2020-02-21T17:08:54Z https://community.cisco.com/t5/network-security/asa-firepower-trust-action-problem/m-p/3859566#M925724 <P>Rather than have the ASA software direct that server traffic to the SFR you could add a deny entry at the top of the redirect ACL for that specific server so it does not get sent to the Firepower module.</P> Mon, 20 May 2019 17:54:14 GMT https://community.cisco.com/t5/network-security/asa-firepower-trust-action-problem/m-p/3859566#M925724 GRANT3779 2019-05-20T17:54:14Z