05-17-2017 10:15 AM - edited 03-12-2019 02:22 AM
I have a ASA-5515 w/FirePOWER services.
I have a 3750X-switch with 2 workstations on their own vlan (I'll say vlan666), connected to 3750X-switch, when then connects to the ASA-5515.
The issue is, when I send traffic to the firepower (sfr), the sfr module requests a drop of packets (all packets) from the 2 workstations on vlan666. I have workstations on the local 3750X, which are on another vlan (I'll say vlan667), and they too get an initial sft module requests a drop of packets, but within a second the sfr module tells the ASA to bypass and not send packets to the sfr, and I can reach the sites from workstations on vlan667.
I have disabled any access control policy blocks on the sfr configuration (Allow all), but I am running Base Policy (Balanced Security and Connectivity)
I am in a closed environment, so I am not able to get whitelists, blacklists, etc, etc.
I am running ASA version 9.7.(1)4, ASDM 7.7(1), Firepower 6.2.0 (build 362)
05-17-2017 07:26 PM
What does your FMC show for the Block reason under Analysis of Connection Events and Intrusion Events?
05-24-2017 10:21 AM
I am not running FMC, only ASDM w/Firepower. It appears right now I am having an issue with 6.2.0-362 where the Cisco Network Sensor Upgrade 6.2.0.1 Hotfix A
Cisco_Network_Sensor_Hotfix_A-6.2.0.1-10.sh or the subsequent install that I did of Firepower Services on ASA - Upgrade only
Cisco_Network_Sensor_Patch-6.2.0.1-59.sh has left me stuck with an unstable version of 6.2.0-362 as I cannot update policies on the firepower (the deployment fails), nor can I upgrade or downgrade the unit.
I am going to attempt to reinstall 6.2.0-362 again, or just wipe the entire thing and start over, as I didn't have this issue until doing the 6.2.0.1-59 patch.
05-25-2017 01:01 AM
If you have smartnet support it might be a good idea to open a TAC case for detailed troubleshooting of your specific issue.
I have upgraded a number of devices to 6.2.0.1 patch without issue; so it is certainly possible.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide