Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
578
Views
1
Helpful
5
Replies

blocked or blacklisted by the stream preprocessor (stream)

Muhammad Yudi Pratama
Level 1
Level 1

‎12-17-2024 09:17 PM

New Deployment FTD with version 7.4.2.1 with inline mode, My access control policy has all traffic set to allow, my intrusion policy is NOT set to drop (Detection Mode) and also security intelligence set as monitor. Running show asp drop command on my 3140 FTD. shows that almost all of the drops are coming from stream preprocessor. Any help would be greatly appreciated.

MuhammadYudiPratama_0-1734498948698.png

 

 

5 Replies 5

MHM Cisco World
VIP
VIP

‎12-17-2024 09:48 PM

you use snort2 and you have asymmetric traffic 

MHM

0 Helpful

Muhammad Yudi Pratama
Level 1
Level 1
In response to MHM Cisco World

‎12-17-2024 10:17 PM

I am currently using snort 3, is there any chance how can i check the asymetric traffic with inline mode? because i am not possible to create packet capture before

MuhammadYudiPratama_0-1734502541137.png

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Muhammad Yudi Pratama

‎12-17-2024 10:32 PM

ACP advance tab 

check 
Transport/Network layer preprocessor setting 
ignore vlan header when track connection <<- make this feature Yes 

MHM

0 Helpful

ckleopa
Cisco Employee
Cisco Employee
In response to Muhammad Yudi Pratama

‎12-18-2024 10:32 AM

If you can provide us with the "system support trace" output of where the traffic gets blocked by stream we should be able to provide some better guidelines around this.

0 Helpful

MHM Cisco World
VIP
VIP
In response to ckleopa

‎12-18-2024 10:36 AM

Sorry he is share ASP drop in his original post.

Thanks 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top