sbrooke
Beginner

ASA 5506-X Firepower module not working

I have a new 5506-X with the Firepower module installed and licensed for the base plus URL and Malware filtering.

The firewall side of things is active and in use.  I've configured a global policy for any traffic and forwarding to the FP module.  I checked the monitor only box.

I've not been able to see any traffic hitting the FPM in the ASDM GUI.  The FPM dashboard shows no traffic and the live monitoring also shows nothing.  I've even gone through adding some URL category filters in the FPM Access Control Policy to see if I can trigger something there.

When I connect to the module through the CLI, I do see traffic-statistics incrementing.

What am I doing wrong?  FPM is on 5.4.1 and the ASA is on 9.5(1).

I noticed the ASDM is showing "basic threat detection" is enabled.  I confirmed this in the CLI.  Is that getting in the way?

I just tested the DNS related change posted a few down from this post.  I added the local DNS and then restarted nscd.  I did not restart the module.  No change.  The ASA FirePOWER Reporting tab shows 0 data across the board.

1 ACCEPTED SOLUTION

Accepted Solutions
Aastha Bhardwaj
Cisco Employee

Hi,

If SFR is set to monitor-only mode as well, run:

show service-policy SFR and you should see the Transmit bytes increasing.

You have already verified the traffic statistics on SFR, which means it's receiving the traffic. Have you enabled logging on the access control policy?

Regards,

Aastha Bhardwaj

Rate if that helps!!!

I did not have logging enabled in the URL policy.  Turning that on lets me see the traffic with it in monitor mode.  Is that still necessary if the SFR is in inline mode?

Thanks!

Hi,

In monitor-only mode, no action will be taken on the packet, but you will still see it in connection events. If you want traffic to be blocked, etc., you would need to place the module in inline mode.

Regards,

Aastha Bhardwaj

Rate if that helps!!!
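
The check discussed in this thread, as an added example that is not from any of the posters or from Cisco: it compares two captures of `show service-policy sfr` to separate "the ASA is not redirecting" from "the module receives traffic but logs nothing". The sample output, class-map name and counter values are constructed, and the script assumes the `packet input` / `packet output` counter layout.

```python
import re

# Constructed samples modeled on ASA `show service-policy sfr` output;
# the class-map name and counter values are made up for this example.
SNAPSHOT_1 = """\
Global policy:
  Service-policy: global_policy
    Class-map: global-class
      SFR: card status Up, mode fail-open monitor-only
        packet input 1200, packet output 1200, drop 0, reset-drop 0
"""
SNAPSHOT_2 = SNAPSHOT_1.replace("1200", "1850")  # same command, run again later

SFR_BLOCK = re.compile(
    r"Class-map:\s*(?P<cls>\S+)\s*\n"
    r"\s*SFR:\s*card status\s+(?P<status>[^,\n]+),\s*mode\s+(?P<mode>[^\n]+?)\s*\n"
    r"\s*packet input\s+(?P<pin>\d+),\s*packet output\s+(?P<pout>\d+)"
)

def parse_sfr(text):
    """Map each class-map with an SFR redirect to its status, mode and input counter."""
    return {
        m["cls"]: {
            "status": m["status"].strip(),
            "monitor_only": "monitor-only" in m["mode"],
            "packet_input": int(m["pin"]),
        }
        for m in SFR_BLOCK.finditer(text)
    }

def diagnose(before, after):
    """Compare two snapshots and say where to look next, per class-map."""
    old, new = parse_sfr(before), parse_sfr(after)
    if not new:
        return {"*": "no SFR redirect found: check the ASA service policy"}
    result = {}
    for cls, cur in new.items():
        # A class missing from the first snapshot is measured from zero.
        delta = cur["packet_input"] - old.get(cls, {"packet_input": 0})["packet_input"]
        mode = "monitor-only" if cur["monitor_only"] else "inline"
        if cur["status"] != "Up":
            result[cls] = f"module status {cur['status']}: check the module itself"
        elif delta <= 0:
            result[cls] = "counters flat: traffic is not matching this class"
        else:
            result[cls] = (f"+{delta} packets redirected ({mode}): ASA side works, "
                           "check logging on the access control rules")
    return result

if __name__ == "__main__":
    for cls, verdict in diagnose(SNAPSHOT_1, SNAPSHOT_2).items():
        print(f"{cls}: {verdict}")
```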
