12-17-2024 09:17 PM
New Deployment FTD with version 7.4.2.1 with inline mode, My access control policy has all traffic set to allow, my intrusion policy is NOT set to drop (Detection Mode) and also security intelligence set as monitor. Running show asp drop command on my 3140 FTD. shows that almost all of the drops are coming from stream preprocessor. Any help would be greatly appreciated.
12-17-2024 09:48 PM
you use snort2 and you have asymmetric traffic
MHM
12-17-2024 10:17 PM
I am currently using snort 3, is there any chance how can i check the asymetric traffic with inline mode? because i am not possible to create packet capture before
12-17-2024 10:32 PM
ACP advance tab
check
Transport/Network layer preprocessor setting
ignore vlan header when track connection <<- make this feature Yes
MHM
12-18-2024 10:32 AM
If you can provide us with the "system support trace" output of where the traffic gets blocked by stream we should be able to provide some better guidelines around this.
12-18-2024 10:36 AM
Sorry he is share ASP drop in his original post.
Thanks
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide