Had this problem today with ASA 5516-X on ASA v9.5.2-14. Essentially the firewall stopped forwarding all between connected interfaces/subnets. From the firewall console, I could ping pretty much anything in the network and on the internet. But from any given server or workstation outside that subnet, nothing was reachable.
I had ASDM filtering set to debugging and I literally saw nothing to indicate any firewall rules were being violated, except for the ones we wanted. We also have SourceFire running (6.0.1). Since the sourcefire management server was unreachable, it couldn't log what was going on. However I didn't see anything on the ASA debug log that indicated SFR was dropping any traffic - no "SFR requested" entries. To spot check SFR further, I disabled the Service Policy rules to no effect. The failover action is "permit" traffic in case SFR crashes.
Clearing xlate didn't help. I checked routes to the internet, tried manually failing over the internet interfaces and still nothing could either talk to the internet or to another interface.
The only thing that worked was powering off both firewalls simultaneously and turning them both back on.
Since then I've downgraded to 9.5.2-10 since I ran for months on that with no issues.
Has anyone had a similar problem?
