https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3862071#M943248 <P>Hi Marvin,</P><P>&nbsp; We using transparent inline mode and using security zone on the interface Outside and Inside, and return packets are blocked when reaching to other security zone and TCP restrict is not enabled, any specific configuration required or do we need to create a TAC for this</P> Fri, 24 May 2019 03:55:32 GMT TM13 2019-05-24T03:55:32Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3852788#M943246 <P>Hello all,</P><P>&nbsp;</P><P>We have started implementing Firepower with FMC.</P><P>But every allow rule, we have to create reply incoming traffic rule for opposite direction. On older ASA, if we create one rule reply for that session is automatically allowed.</P><P>But now on Firepower our rule number is doubled.&nbsp;</P><P>Am i missing something, some configuration or proper way of doing things?</P> Fri, 21 Feb 2020 17:07:00 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3852788#M943246 telmuun erdenebaatar 2020-02-21T17:07:00Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3852862#M943247 <P>That should not be necessary.</P> <P>Firepower Threat Defense Access Control Policy Rules are the same as ASA Access Control List entries in that respect - both are for a stateful firewall which keeps a connection table of allowed traffic and will automatically allow the return half of the connection or flow.</P> Thu, 09 May 2019 04:50:28 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3852862#M943247 Marvin Rhoads 2019-05-09T04:50:28Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3862071#M943248 <P>Hi Marvin,</P><P>&nbsp; We using transparent inline mode and using security zone on the interface Outside and Inside, and return packets are blocked when reaching to other security zone and TCP restrict is not enabled, any specific configuration required or do we need to create a TAC for this</P> Fri, 24 May 2019 03:55:32 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3862071#M943248 TM13 2019-05-24T03:55:32Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3862857#M943249 <P>Hi,<BR />For transparent inline deployment, return rule is required as it is just inspecting(SNORT) the traffic which you are permitting to pass-through the firewall with source &amp; destination security zones.</P><P><A href="https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html</A></P><P>&nbsp;</P><P>Hope This Helps<BR />Abheesh</P> Sat, 25 May 2019 20:16:07 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3862857#M943249 Abheesh Kumar 2019-05-25T20:16:07Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3863162#M943250 <P>Hi Abheesh,</P><P>&nbsp; &nbsp;Thanks for answer, so as traditional FW connection it will check "Existing connection" and pass the L3/L4 rule but still would be blocked on SNORT's L7 rules? and that SNORT Rule is IPS? because we enabled both File Policy(Malware) and IPS, so every connection would be checked on FirePower? this Prefilter Fast-Path rule is also required new rules to bypass SNORT? or possible to align/tie o current rules?&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2019-05-27_1547.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/37538i8289356F3C35EB94/image-size/large?v=v2&amp;px=999" role="button" title="2019-05-27_1547.png" alt="2019-05-27_1547.png" /></span></P> Mon, 27 May 2019 07:53:37 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3863162#M943250 TM13 2019-05-27T07:53:37Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3863167#M943251 <P>Hi,</P><P>To bypass a traffic for inspection (SNORT, AMP) you can create a pre-filter rule and set action as fast-path.&nbsp;Pre-filter rules are same as like ASA access list there is no L7 inspection.</P><P>If the default action on prefilter policy is <STRONG>Analyse</STRONG>, it will send all the traffic to snort for further inspection.</P><P>&nbsp;</P><P>Hope This Helps</P><P>Abheesh</P> Mon, 27 May 2019 08:04:01 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3863167#M943251 Abheesh Kumar 2019-05-27T08:04:01Z https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3863205#M943252 <P>Hi Abheesh,</P><P>&nbsp; Thanks, but we looking for possibility of return traffic can be bypassed, but seems that is not possible</P> Mon, 27 May 2019 08:57:18 GMT https://community.cisco.com/t5/network-security/firepower-access-control-rule-for-tcp-session/m-p/3863205#M943252 TM13 2019-05-27T08:57:18Z