ASA Firepower Trust Action Problem

Hi all,

I have 2 ASA5525x with Firepower module installed. Because these firewalls are dedicated for servers I have a "Permit IP any any" rule with IPS and AMP enabled. Infosec department required to exclude one of their servers which they use for scanning. Although I created a "Trust IP HOST any" rule above the previous one, it did not work. All scans hit the Permit ALL rule with inspection. I searched a bit and learned that I have to create another trust rule for response traffic. I wonder why this is required? Okay, I understand that it passes further inspections such as IPS and AMP, but I wonder why it doesn't do basic L3 inspection?

1 Reply

GRANT3779
Spotlight

Rather than have the ASA software direct that server traffic to the SFR you could add a deny entry at the top of the redirect ACL for that specific server so it does not get sent to the Firepower module.
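One way to implement the reply's suggestion on the ASA side, as an added example that is not from this thread (the ACL name `sfr_redirect`, the scanner address `192.0.2.10`, and the class-map and policy-map names are assumptions): the deny entries sit ahead of the catch-all permit so that connections involving the scanner are never redirected to the Firepower module.

```cisco
! Added example (not from the thread). Names and addresses are assumed:
! 192.0.2.10 = the Infosec scanner, sfr_redirect = the ACL that feeds the SFR class.
! Entries are evaluated top-down, so the denies must precede the permit.
access-list sfr_redirect remark Keep the Infosec scanner out of the Firepower module
access-list sfr_redirect extended deny ip host 192.0.2.10 any
access-list sfr_redirect extended deny ip any host 192.0.2.10
access-list sfr_redirect remark Everything else still goes to the module
access-list sfr_redirect extended permit ip any any
!
! If the ACL already exists, insert the denies at the top instead of rebuilding it:
! access-list sfr_redirect line 1 extended deny ip host 192.0.2.10 any
! access-list sfr_redirect line 2 extended deny ip any host 192.0.2.10
!
class-map sfr_class
 match access-list sfr_redirect
!
policy-map global_policy
 class sfr_class
  sfr fail-open
!
service-policy global_policy global
```

`show access-list sfr_redirect` and `show service-policy` confirm that the scanner's hit counts land on the deny lines rather than the permit. Traffic matching the deny lines bypasses IPS and AMP entirely, so the ACL should match only the scanner's address.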
