asa 5506 with sourcefire

tiwang · ‎04-21-2015

hi out there

I am trying to get most out of a 5506 with sourcefire - I direct trough the default global ploicy *any* traffic trough the sfr module.

I can also verify that it Works by f.ex defining a facebook free Network which would block facebook. - and this Works fine.

But I would like to get some reports what it does and here I am a bit lost.

When I trough the ASDM go to monitoring -> ASA firepower monitoring -> real time eventing I get nothing listed? Even though there is a lot of traffic to inspect and on the ASDM log on the home page in the ASDM syslog window I can also see that ASDM logs a lot of sessions where the sfr module requests the asa to bypass further packet redirection and process UDP/TCP flow

But when I open the firepower dashboard or firepower reporting no data is avalibly ??

Ehhh - is there either some which can give me some tips - completely new to sourcefire - or tell me what I have done wrong ??

br /tiwang

thomas.talley · ‎05-05-2015

I have the same observations. But have been unable to find information on getting the reporting to work, in particular, the Firepower Dashboards.

ED CRAIG · ‎06-22-2015

Make sure you have a "Monitor All" rule in your Access Control Policy.

Add a rule and set the Action to "Monitor", leave all the other fields default.

In my case I already had this rule in place day one and real time eventing just stopped working. I ended up moving the rule to Administrator Rules and applying/saving the policy.

On the most current release the ASA 5506 with Firepower is simply buggy.