Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
644
Views
0
Helpful
1
Replies

Block/ Allow specific traffic for specific network FMC

damori.pierce
Level 1
Level 1

‎04-06-2022 12:36 PM - edited ‎04-06-2022 12:36 PM

So I'm new to FMC and I'm trying to get a grip on how things work.

 

I have an intrusion alert that keeps coming up. 

"HI_CLIENT_DOUBLE_DECODE (119:2:1)"

Problem is, it keeps alerting on non-malicious traffic (all internal traffic).

How do I turn off this rule for a specific network? without turning it off all together?

 

Ex.

network is 192.168.50.48 ---> 192.168.51.30  - HI_CLIENT_DOUBLE_DECODE (119:2:1)

network is 192.168.50.48 ---> 192.168.52.30 - HI_CLIENT_DOUBLE_DECODE (119:2:1)

network is 192.168.50.48 ---> 192.168.53.30 - HI_CLIENT_DOUBLE_DECODE (119:2:1)

0 Helpful
1 Reply 1

Eric R. Jones
Level 4
Level 4

‎04-06-2022 03:35 PM

A shot in the dark without trying this myself.

1. Create a new object(s) without that network. Edit the current rule and replace the current object(s) with the newly created one.

My other thought is to investigate your Policies > Intrusion Policies.

I would be interested in the resolution of this.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card