04-13-2023 06:37 AM
Hello,
I have created a time range in Object Management from 08:00 until 09:00 AM and inserted it into a rule I created, from outside to the inside PC, to allow connections for the specific time mentioned before. I've checked the time zone and synchronization on FTD and FMC; the time is the same, but an established connection on the inside PC is not blocked after the mentioned time, while new connections are blocked.
Where is the problem?
Thank you.
04-13-2023 06:57 AM
What version of FTD?
If you are running 6.X code, look at the alternative option below:
04-13-2023 07:03 AM
Hi,
FTD version is 7.0.5
04-13-2023 07:17 AM
Hi,
You mentioned "establish connection on Inside PC not blocking after mentioned time, but new connections is blocking."
It's normal behaviour. It never worked differently.
Time-based ACLs affect new connections, not existing ones.
BR,
Octavian
04-13-2023 08:37 AM
The traffic is already up, so the traffic has a conn in the FW database,
so even if you configure a time-range ACL it will not affect it; the traffic will bypass all ACLs.
How can I solve this issue? For me, you can use EEM along with adding the time-range ACL.
The EEM will clear the local-host conn, and with the time-range ACL added the traffic will now not bypass the ACL but will hit it.
Thanks
MHM
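
Added example, not part of the thread and not Cisco code: a minimal Python model of the behaviour described in the replies above, where a time-range rule is consulted only when a connection is created, so an established flow outlives the window unless the connection table is cleared when the window ends. The class and function names and the addresses are constructed for illustration.

```python
from datetime import time


class TimeRangeFirewall:
    """Toy stateful firewall with one allow rule limited to a time range."""

    def __init__(self, start, end):
        self.start, self.end = start, end
        self.conns = set()  # connection table, keyed by flow tuple

    def handle(self, flow, now, new):
        # Fast path: a flow already in the connection table is forwarded
        # without the access rule being evaluated again.
        if flow in self.conns:
            return "allow-existing"
        # Slow path: only a new connection is checked against the rule,
        # and the rule matches only inside the time range.
        if new and self.start <= now < self.end:
            self.conns.add(flow)
            return "allow-new"
        return "deny"

    def clear_conns(self):
        # Models the scheduled connection clear suggested in the thread.
        self.conns.clear()


def replay(flush_at_end):
    """Replay a constructed timeline; return the verdict for each packet."""
    fw = TimeRangeFirewall(time(8, 0), time(9, 0))
    flow_a = ("198.51.100.7", 50000, "10.0.0.5", 3389)  # constructed sample
    flow_b = ("198.51.100.7", 50001, "10.0.0.5", 3389)  # constructed sample
    verdicts = [fw.handle(flow_a, time(8, 30), new=True)]
    if flush_at_end:
        fw.clear_conns()  # runs at 09:00, when the time range ends
    verdicts.append(fw.handle(flow_a, time(9, 5), new=False))
    verdicts.append(fw.handle(flow_b, time(9, 5), new=True))
    return verdicts


if __name__ == "__main__":
    print("no flush  :", replay(False))
    print("with flush:", replay(True))
```

Without the flush, the 08:30 session is still forwarded at 09:05 while a new session is denied, which matches what the original poster observed.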