08-11-2016 07:28 AM - edited 03-10-2019 06:40 AM
I have found some events of type Would have dropped in ASA-Firepower FMC logs. The guide explains
The event type is always Would have dropped for packets seen while the system is pruning, regardless of deployment.
[...]
the system sometimes prunes older event details to manage disk space usage.
The module is inline and IPS policy is set to Drop when Inline so I can think of no other explanation.
Would Firepower really pass traffic matching a threat pattern while it is busy pruning?? Were these packets really not dropped?
08-23-2016 05:57 PM
I would like to know the answer to that question as well. Peter, were you able to find anything about this?
Thanks!
Neno
08-24-2016 04:30 AM
No findings yet, Neno. Sorry.
09-12-2018 06:20 AM - edited 09-12-2018 06:20 AM
Peter,
Were you able to find any such information for your query?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: