
Security Intelligence DNS Monitor/Block only works on one ASA in a HA pair

Hi All

About a year ago, DNS security via the Security Intelligence section stopped working when the Secondary HA ASA becomes the active firewall (which happens frequently due to module monitoring at the ASA level and weekly deployments resulting in frequent sub-second module restarts). The client is not pushing the DNS layer protection, so I can't spend time on a lengthy Cisco case. (I did open a case, but upgrading was the next step.)

I have since upgraded a couple of times and it has never fixed it. Just wondering if anyone else has come across this?

I've unloaded the DNS policy and reapplied it as another step, with no change in the situation.


Re: Security Intelligence DNS Monitor/Block only works on one ASA in a HA pair

Are both the primary and secondary ASA's Firepower service modules registered and licensed in your FMC?