02-24-2016 09:14 AM - edited 03-12-2019 05:54 AM
I have a new 5506-X with the Firepower module installed and licensed for the base plus URL and Malware filtering.
The firewall side of things is active and in use. I've configured a global policy for any traffic and forwarding to the FP module. I checked the monitor only box.
I've not been able to see any traffic hitting the FPM in the ASDM GUI. The FPM dashboard shows no traffic and the live monitoring also shows nothing. I've even gone through adding some URL category filters in the FPM Access Control Policy to see if I can trigger something there.
When I connect to the module through the CLI, I do see traffic-statistics incrementing.
What am I doing wrong? FPM is on 5.4.1 and the ASA is on 9.5(1).
I noticed the ASDM is showing "basic threat detection" is enabled. I confirmed this in the CLI. Is that getting in the way?
I just tested the DNS related change posted a few down from this post. I added the local DNS and then restarted nscd. I did not restart the module. No change. The ASA FirePOWER Reporting tab shows 0 data across the board.
Solved! Go to Solution.
02-25-2016 10:04 AM
Hi,
If SFR is set to monitor-only mode as well , run :
show service-policy SFR and you should see the Transmit bytes increasing .
You have already verified the traffic statistics on SFR that means its receiving the traffic, have you enabled logging on access control policy .
Regards,
Aastha Bhardwaj
Rate if that helps!!!
02-25-2016 10:04 AM
Hi,
If SFR is set to monitor-only mode as well , run :
show service-policy SFR and you should see the Transmit bytes increasing .
You have already verified the traffic statistics on SFR that means its receiving the traffic, have you enabled logging on access control policy .
Regards,
Aastha Bhardwaj
Rate if that helps!!!
03-02-2016 06:17 AM
I did not have logging enabled in the URL policy. Turning that on let's me see the traffic with it in monitor mode. Is that still necessary if the SFR is in inline mode?
Thanks!
03-03-2016 10:47 PM
Hi ,
In monitor only mode no action will be taken on the packet but you will still see it in connection events. If you want traffic to be Blocked etc you would need to place the module in inline mode.
Regards,
Aastha Bhardwaj
Rate if that helps!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: