cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
578
Views
1
Helpful
5
Replies

blocked or blacklisted by the stream preprocessor (stream)

New Deployment FTD with version 7.4.2.1 with inline mode, My access control policy has all traffic set to allow, my intrusion policy is NOT set to drop (Detection Mode) and also security intelligence set as monitor. Running show asp drop command on my 3140 FTD. shows that almost all of the drops are coming from stream preprocessor. Any help would be greatly appreciated.

MuhammadYudiPratama_0-1734498948698.png

 

 

5 Replies 5

you use snort2 and you have asymmetric traffic 

MHM

I am currently using snort 3, is there any chance how can i check the asymetric traffic with inline mode? because i am not possible to create packet capture before

MuhammadYudiPratama_0-1734502541137.png

 

ACP advance tab 

check 
Transport/Network layer preprocessor setting 
ignore vlan header when track connection <<- make this feature Yes 

MHM

If you can provide us with the "system support trace" output of where the traffic gets blocked by stream we should be able to provide some better guidelines around this.

Sorry he is share ASP drop in his original post.

Thanks 

MHM

Review Cisco Networking for a $25 gift card