Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2309
Views
0
Helpful
2
Replies

Does FTD always send traffic to Snort for inspection even I set None for the Intrusion Policy?

SIMMN
Spotlight

‎09-14-2020 08:12 AM

I could be wrong but I thought if I set the Intrusion policy within a particular Allow Access Control Rule as None, the FTD/Lina would not send traffic to snort for verdict...But if I do a packet tracer, it seems like FTD still send traffic to Snort...

1.png

So if the Action Allow would always send traffic to Snort,

1. What is the point of setting the intrusion policy as None?

2. If I want to completely bypass the Snort for particular traffic for whatever reason, I need to change the action from Allow to Trust within the Access Control rule? OR move the rule into Pre-filter?

 

Thanks!

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎09-14-2020 09:13 AM

Suggest to read the traffic flow :  below URL explain how that works.

 

https://www.lammle.com/post/cisco-firepower-threat-defense-ftd-packet-flow/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

SIMMN
Spotlight
In response to balaji.bandi

‎09-14-2020 10:21 AM

Thanks, I actually has the Cisco graph for the flow...

 

But using the doc you shared, quote "

  • The packet is inspected by the Snort engine, if configured to do so; this can include SI, IPS, AMP, URL filtering among other inspections.

"

This is related to the first question I posted...

0 Helpful
Review Cisco Networking for a $25 gift card
Top