blocked or blacklisted by the stream preprocessor (stream)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2024 09:17 PM
New Deployment FTD with version 7.4.2.1 with inline mode, My access control policy has all traffic set to allow, my intrusion policy is NOT set to drop (Detection Mode) and also security intelligence set as monitor. Running show asp drop command on my 3140 FTD. shows that almost all of the drops are coming from stream preprocessor. Any help would be greatly appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2024 09:48 PM
you use snort2 and you have asymmetric traffic
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2024 10:17 PM
I am currently using snort 3, is there any chance how can i check the asymetric traffic with inline mode? because i am not possible to create packet capture before
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2024 10:32 PM
ACP advance tab
check
Transport/Network layer preprocessor setting
ignore vlan header when track connection <<- make this feature Yes
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2024 10:32 AM
If you can provide us with the "system support trace" output of where the traffic gets blocked by stream we should be able to provide some better guidelines around this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2024 10:36 AM
Sorry he is share ASP drop in his original post.
Thanks
MHM
