04-21-2015 01:24 PM
hi out there
I am trying to get most out of a 5506 with sourcefire - I direct trough the default global ploicy *any* traffic trough the sfr module.
I can also verify that it Works by f.ex defining a facebook free Network which would block facebook. - and this Works fine.
But I would like to get some reports what it does and here I am a bit lost.
When I trough the ASDM go to monitoring -> ASA firepower monitoring -> real time eventing I get nothing listed? Even though there is a lot of traffic to inspect and on the ASDM log on the home page in the ASDM syslog window I can also see that ASDM logs a lot of sessions where the sfr module requests the asa to bypass further packet redirection and process UDP/TCP flow
But when I open the firepower dashboard or firepower reporting no data is avalibly ??
Ehhh - is there either some which can give me some tips - completely new to sourcefire - or tell me what I have done wrong ??
br /tiwang
05-05-2015 02:09 PM
I have the same observations. But have been unable to find information on getting the reporting to work, in particular, the Firepower Dashboards.
06-22-2015 08:26 PM
Make sure you have a "Monitor All" rule in your Access Control Policy.
Add a rule and set the Action to "Monitor", leave all the other fields default.
In my case I already had this rule in place day one and real time eventing just stopped working. I ended up moving the rule to Administrator Rules and applying/saving the policy.
On the most current release the ASA 5506 with Firepower is simply buggy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide