cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2143
Views
0
Helpful
1
Replies

ASA Firepower with Automatic Application Bypass (AAB) and Intelligent Application Bypass (IAB)

u.drechsel
Level 1
Level 1

Hi all,

I'm using ASA5585-X SSP40 (version 9.4.(2)6 ) with Firepower 6.0.1.2. Because of performance issues I've activated AAB for testing purposes. In the documentation I found:

"If detection is bypassed, the device generates a health monitoring alert."

I also activated IAB in test mode for application category "very low risks"

I want to know, how often these events occures and what kind of information it contains. Does anybody know, how I can identify these events in the Health monitor or via CLI?

Thank you,

Sincerely,

Uwe

1 Reply 1

Claudiu Cismaru
Cisco Employee
Cisco Employee

Hello,

When AAB triggers you'll get an event in Health Events. It will trigger once a packet will take more than configured threshold until gets out on the output interface.

IAB should be configured for large flows identified (like SMB traffic, large downloads over non HTTPS flows).

Review Cisco Networking for a $25 gift card