Bypass speedtest sites in Firepower?

Hi guys,

I have a 5545x with a 1 Gig internet connection running IPS, URL, and AMP.

When running speedtests, it causes latency for other users (200ms-400ms). I am running into this issue:

http://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/200420-Processing-of-Single-Stream-Large-Sessio.html

I am trying to allow speedtest sites to bypass the IPS (for perception, and I don't like that users can easily hog).

I tried to add "Trust" statements for speedtest.net and speedtest.xfinity.com, however, the traffic is not matching since the speedtests actually go direct to different speedtest servers.

Anyone have any luck with this?


Re: Bypass speedtest sites in Firepower?

Hi @Ralphy006

 

Sorry for the late response. I just found this post, and I wanted to accomplish the same as you.

I have come up with a two-step solution. The first step is to Trust these two applications (Speedtest.net and fast.com):

SpeedTest

Netflix Stream

The next step is to trust more data from SpeedTest.net's websocket.

App is: WebSocket

port is: tcp/8080

URL contains these two:
speedtest
linespeed

Kind Regards 

Dennis
