Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1370
Views
0
Helpful
2
Replies

Compromised host FMC

Steven Williams
Level 4
Level 4

‎12-12-2018 08:44 AM - edited ‎02-21-2020 08:34 AM

I have users trying to access a host that is showing up in FMC events with "red" computer icon which means compromised. The action is allowed in the event log. I have also added this host to bypass the sfr and i still the client getting tcp resets to this host from splunk. How do I fix this?

0 Helpful
2 Replies 2

Abheesh Kumar
VIP Alumni
VIP Alumni

‎12-12-2018 09:47 AM

How you bypass the client....
Did you whitelist the IP or excluded the IP from the sfr acl.
0 Helpful

Steven Williams
Level 4
Level 4
In response to Abheesh Kumar

‎12-12-2018 10:01 AM

sfr acl. but I still see it on the fmc logs.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card