10-10-2022 01:21 AM
Just added an application BitTorrent rule to our Firepower.
The BitTorrent traffic gets blocked, but any other traffic that is not BT is allowed and does not hit the rest of the access control policy.
I can see this in a packet trace.
Is this normal procedure? I thought it should just hit the next rule.
10-10-2022 01:39 AM - edited 10-10-2022 01:39 AM
As a starting point to troubleshoot this, I would recommend using the command "system support firewall-engine-debug" on the FTD CLI to try to check whether there are any matches on the rules and what action is applied to the traffic flow.
10-10-2022 02:11 AM
Aref,
Thanks for the quick reply. The issue is that it matches the BitTorrent rule for any BT traffic, but all other non-BT traffic is allowed. It doesn't hit the following rules, as a normal ACL would.
Top to bottom has always been the format.
10-10-2022 02:52 AM
Top to bottom is still the same criteria to match the traffic against the ACP rules. Not sure if in your case the firewall is not blocking the traffic because maybe it needs more packets to pass through before it can recognize the traffic as BitTorrent traffic, or if the traffic that is not being blocked has a different pattern that the firewall is not recognizing. Did you try to add a rule defining the peer-to-peer category? In addition to this, you could create a file blocking policy denying any BitTorrent files.