Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3512
Views
10
Helpful
17
Replies

ASA+FirePower Bundle - policies not getting applied - Interface 'DataPlaneInterface0' is not receiving any packets.

Eby Mani
Level 1
Level 1

‎12-25-2014 10:50 PM - edited ‎03-12-2019 05:36 AM

I'm evaluating ASA5500-X with FirePower bundle with Eval licenses.

I'm facing 2 issues with FSMC,

1, FSMC show 2 critical health errors for SFR & Sourcefire3D related to time synchronisation. - Module Time Sync is out.

2, Nothing is displayed in "Connection Status" and policies are not getting applied. However the top Applications & Operating Systems are displayed in Dashboard !!!!.

on ASA i've tried with the following and monitor-only modes.

policy-map global_policy
 class class-default
  sfr fail-open

on FSMC, Zones are configured. And called in Access Control Policy.

 

FSMC Health Monitor says:

SFR
Module Time Synchronization: "device" is out-of-sync.
Module Traffic status: Interface 'DataPlaneInterface0' is not receiving any packets.

 

Strange thing is on the ASA,

internal-Control0/0, Internal-Data0/0, Internal-Data0/1, Internal-Data0/2 interfaces and line protocols are up and sending/receiving packets with no errors or drops !!!.

 

Does the inside zone need to be on interface other than g0/0 or the interface names(ASA & FSMC) should match ?.

 

Thanks.

4 people had this problem
Labels:
0 Helpful
17 Replies 17

huucuonghumg
Level 1
Level 1
In response to Aastha Bhardwaj

‎05-17-2016 06:38 PM

Hi everyone!

when I try convert from route mode to firewall transparent mode, I can show traffic but still error witch "show service-policy sfr" command:

show service-policy sfr

Service-policy: global_policy
Class-map: sfr
SFR: card status Up, mode fail-open monitor-only
packet input 0, packet output 0, drop 0, reset-drop

normal packet input 0 or packet output 0 not is zero

Everyone can tell me why and how can solved it?

I should using firewall transparent mode or route mode?

Thankyou very much!

Preview file
96 KB
Preview file
72 KB
Preview file
145 KB
0 Helpful

jai_chandra2001
Level 1
Level 1

‎04-27-2015 02:29 PM

I have a similiar problem too..in Active/Standby deployment, the secondary ASA's SFR module is throwing the same error.

"Interface 'DataPlaneInterface0' is not receiving any packets"

I have all licenses installed and it was working until a week ago(upgrade to 5.4 recently)

0 Helpful

Pavel Trinos
Level 1
Level 1
In response to jai_chandra2001

‎05-20-2015 01:04 PM

In ASA HA deployment A/S, standby unit does not see traffic by default, that is why you are getting that DPI0 error.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card