Hi all,
I have 2 ASA5525x with Firepower module installed. Because these firewalls are dedicated for servers, I have a "Permit IP any any" rule with IPS and AMP enabled. The Infosec department required me to exclude one of their servers which they use for scanning. Although I created a "Trust IP HOST any" rule above the previous one, it did not work. All scans hit the Permit ALL rule with inspection. I searched a bit and learned that I have to create another trust rule for response traffic. I wonder why this is required? Okay, I understand that it passes further inspections such as IPS and AMP, but I wonder why it doesn't do basic L3 inspection?
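As an added illustration (not from the original post, and not Firepower's real implementation), here is a simplified first-match model of unidirectional source/destination rules; the scanner and server addresses are constructed, and the model only shows why a one-way trust rule leaves the return direction falling through to the inspected "Permit any any" rule until a second trust rule is added.

```python
# Added example: simplified top-down, first-match access-control evaluation.
# Assumption: rules match on source/destination only and are one-directional,
# so traffic flowing back toward the scanner is evaluated on its own.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "trust" = bypass IPS/AMP, "permit" = inspected
    src: IPv4Network
    dst: IPv4Network

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return ip_address(src_ip) in self.src and ip_address(dst_ip) in self.dst


def first_match(rules: List[Rule], src_ip: str, dst_ip: str) -> Optional[Rule]:
    """Walk the policy top-down; the first matching rule decides the flow."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule
    return None


# Constructed sample addresses (assumptions, not taken from the post).
SCANNER = ip_network("10.0.0.5/32")   # Infosec scanning host
PERMIT_ALL = Rule("permit-all-inspected", "permit", ANY, ANY)


def one_way_policy() -> List[Rule]:
    # Only the scanner -> any direction is trusted, as in the post.
    return [Rule("trust-scanner-out", "trust", SCANNER, ANY), PERMIT_ALL]


def two_way_policy() -> List[Rule]:
    # Adds the reverse rule (any -> scanner) for the response traffic.
    return [
        Rule("trust-scanner-out", "trust", SCANNER, ANY),
        Rule("trust-scanner-in", "trust", ANY, SCANNER),
        PERMIT_ALL,
    ]


def decide(rules: List[Rule], src_ip: str, dst_ip: str) -> str:
    rule = first_match(rules, src_ip, dst_ip)
    return rule.action if rule else "drop"   # implicit deny when nothing matches
```

With only the one-way rule, a server's reply (server -> scanner) returns "permit" and is inspected; with the reverse rule in place it returns "trust".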