04-04-2018 12:35 PM - edited 02-21-2020 07:35 AM
Dears,
I have three questions, please answer.
Please find the attached error.
Whenever I navigate to edit the ACP, I get a pop-up as per the attached; also, when I save after doing any changes, I get the attached pop-up error. Hence it is a bug, but I am on the latest release and it is still hitting me. Why is that so? The bug ID is https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd40583/?rfs=iqvred
Also, I have a file policy as per the attached and it is showing a warning. I wanted to confirm whether this warning means the file policy is not configured properly or it is just information. Also, I have selected "any" for the type of file and am checking for malware for all types of file except executable and multimedia, which I am blocking explicitly. Is that a good design practice?
I was having a default action of pass; I have changed it to drop all traffic. Now my FMC pops up with the error "unable to communicate with dynamic analysis cloud". I have allowed all protocols from the Firepower sensor IP address.
04-04-2018 09:49 PM
Hi Adam,
For the first question:
It could be that bug. Do you have the same conditions in that setup, like the firmware version and FTD HA?
It could be some other issue as well. I would suggest opening a TAC case for that so the right issue can be isolated and fixed.
For the second question: although the screenshot does not show what the warning is (you can hover the mouse over the warning and it will show the message), it could just be that some of the files which are dynamic analysis capable and local analysis capable are also executable and multimedia, which are already blocked. So dynamic/local analysis for those files will not be done because they are blocked anyway. If that's the error, it can safely be ignored.
For the third question:
It's not a good practice to let FMC traffic pass through FTD/FPR, but if you are doing that, make sure
panacea.threatgrid.com is explicitly allowed on Firepower for port 443, and cloud-sa.amp.sourcefire.com
for network AMP.
Hope it helps,
Yogesh
04-05-2018 12:06 AM
Dear
It could be that bug. Do you have the same conditions in that setup, like the firmware version and FTD HA?
No.
It could be some other issue as well. I would suggest opening a TAC case for that so the right issue can be isolated and fixed.
Any hint you can give me so that I can check for it? Could it be because of policies where I have a deny statement above and a permit statement below, and then again a deny statement for some application traffic? Could it be because of that?
But it could just be that some of the files which are dynamic analysis capable and local analysis capable are also executable and multimedia, which are already blocked. So dynamic/local analysis for those files will not be done because they are blocked anyway. If that's the error, it can safely be ignored.
Yes, exactly, that is the error.
Third question
panacea.threatgrid.com is explicitly allowed on Firepower for port 443, and cloud-sa.amp.sourcefire.com
for network AMP.
From the FMC and Firepower IP addresses I have allowed 80, 443 and 53. Are there any other ports that have to be allowed apart from these?
Thanks
04-05-2018 04:27 AM
Hi
There are no other ports to be allowed. Are you doing SSL decryption on Firepower? If yes, bypass the FMC IP from that, or create a trust rule for the FMC IP.
The policy error cannot be because of the rule actions. They may or may not match and give a warning about that, but not an error.
You can run pigtail on the FMC CLI in root mode and then reproduce the error. Stop pigtail (it would be a huge output, so you may want to log the PuTTY output) and then check for that error and any related info (just before the error comes) which might help.
Hope it helps,
Yogesh
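The two points raised in this reply, that the FMC's outbound flows to the cloud hosts on 443 (and to DNS) must be permitted, and that a trust rule for the FMC IP placed at the top of the policy avoids the problem, come down to top-down first-match rule evaluation. The block below is an added example, not code from the thread or from Cisco: a small first-match evaluator that checks whether the flows the FMC needs are permitted by a constructed access policy, and flags permit rules that an earlier, broader deny shadows (the "deny above, permit below" ordering asked about earlier in the thread). The FMC address 10.0.0.10, the policies and the resolved cloud addresses are constructed placeholders so it runs offline; only the hostnames and the ports come from the thread.

```python
"""Added example, not from the thread or from Cisco: first-match access-rule
evaluation for the FMC-to-cloud flows, plus shadowed-rule detection.
All addresses and rule names below are constructed placeholders."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow", "trust" or "block" (Firepower-style actions)
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port


def _net_contains(net_spec: str, ip: str) -> bool:
    """True if the address is inside the rule's network ("any" matches all)."""
    if net_spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net_spec, strict=False)


def _net_covers(outer: str, inner: str) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(
        ipaddress.ip_network(outer, strict=False))


def first_match(rules: List[Rule], src_ip: str, dst_ip: str,
                proto: str, dport: int) -> Optional[Rule]:
    """Top-down, first-match evaluation; None means no rule matched
    (the policy's default action would then apply)."""
    for rule in rules:
        if (_net_contains(rule.src, src_ip) and _net_contains(rule.dst, dst_ip)
                and rule.proto in ("any", proto)
                and rule.dport in (None, dport)):
            return rule
    return None


# Flows the FMC must be able to open. Hostnames are the ones named in the
# thread; the destination addresses are constructed (RFC 5737 documentation
# ranges) so the example runs offline without DNS.
REQUIRED_FLOWS = [
    ("panacea.threatgrid.com", "203.0.113.10", "tcp", 443),
    ("cloud-sa.amp.sourcefire.com", "203.0.113.20", "tcp", 443),
    ("dns resolver", "192.0.2.53", "udp", 53),
]


def check_required_flows(rules: List[Rule], fmc_ip: str
                         ) -> Dict[str, Tuple[bool, Optional[str]]]:
    """Map each required flow to (permitted?, name of the rule that matched)."""
    report = {}
    for label, dst_ip, proto, dport in REQUIRED_FLOWS:
        hit = first_match(rules, fmc_ip, dst_ip, proto, dport)
        permitted = hit is not None and hit.action in ("allow", "trust")
        report[label] = (permitted, hit.name if hit else None)
    return report


def find_shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule already
    covers everything they cover (e.g. a permit below a broader deny)."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net_covers(earlier.src, later.src)
                    and _net_covers(earlier.dst, later.dst)
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(later.name)
                break
    return shadowed


FMC_IP = "10.0.0.10"   # constructed management address

# Trust rule for the FMC address at the top, as suggested in the thread.
GOOD_POLICY = [
    Rule("trust-fmc", "trust", "10.0.0.10/32", "any", "any", None),
    Rule("block-mgmt-web", "block", "10.0.0.0/24", "any", "tcp", 80),
    Rule("allow-lan-https", "allow", "10.0.0.0/8", "any", "tcp", 443),
]

# A broad deny above the FMC permits: both permits are shadowed, so the FMC
# can never reach the cloud hosts or its resolver.
SHADOWED_POLICY = [
    Rule("block-mgmt-outbound", "block", "10.0.0.0/24", "any", "any", None),
    Rule("allow-fmc-https", "allow", "10.0.0.10/32", "any", "tcp", 443),
    Rule("allow-fmc-dns", "allow", "10.0.0.10/32", "any", "udp", 53),
]

if __name__ == "__main__":
    for label, policy in (("good", GOOD_POLICY), ("shadowed", SHADOWED_POLICY)):
        print(label, check_required_flows(policy, FMC_IP),
              "shadowed:", find_shadowed(policy))
```

Running it reports every required flow as permitted by `trust-fmc` for the first policy, and as blocked by `block-mgmt-outbound` for the second, with both FMC permits listed as shadowed. The same check can be pointed at a real rule export by filling `Rule` objects from it; the evaluator is deliberately simple (no zones, users or application conditions) and is meant to make the ordering problem visible, not to replace the FMC's own policy validation.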
04-05-2018 10:11 PM
Dear Yogdhanu
Are you doing SSL decryption on Firepower?
Not for the FMC subnet, as it is the management VLAN.
Create a trust rule for the FMC IP.
I will create and test it; currently I am not in the office.
You can run pigtail on the FMC CLI in root mode and then reproduce the error. Stop pigtail (it would be a huge output, so you may want to log the PuTTY output) and then check for that error and any related info (just before the error comes) which might help.
Also, I will try applying the above and will collect logs.
Thanks for the reply
04-20-2018 05:17 PM
Dears
Please find the warning snapshot,
My first rule is blocking all executables and multimedia, and the second rule does malware lookups for the types of file. Please confirm whether this is a best practice for configuring a file policy.
The trust rule worked fine without any errors.
If I start pigtail, how can I stop it?
Thanks
04-22-2018 09:43 PM
Hello,
The rules are fine. As the warning just explains, because the first rule blocks the file itself, the system will not do a lookup for those files which it has to block anyway based on extension.
You can use Ctrl+C to stop the output.
Rate if it helps,
Yogesh
04-24-2018 12:49 PM - edited 04-25-2018 12:37 PM
Thanks
Attached are the pigtails. I don't know how we can read them; is there any Cisco document for it, or is it only for TAC use?
Is the file policy which I have configured a best practice as per Cisco?
I am facing an issue with a file download: I try to download an exe file as a user who is allowed to download exe files. The file starts downloading, but at the end, when 4%, 3% or 2% is left to finish, it fails with a network error, yet the logs say it is allowed.
thanks
04-30-2018 12:26 PM
Dear Yogdhanu,
Can you investigate the attached logs and share your experience?
thanks
05-22-2018 12:43 PM
Dears,
Can anybody help me with the above query?
thanks
08-22-2019 10:07 PM
I have the same issue on my Firepower and I don't know why; URL is also not working. Please guide us.
08-22-2019 10:09 PM
Error is: "Successfully connected with the cloud"
FMC: "Unable to communicate with dynamic analysis cloud."
03-27-2023 02:51 PM
I have the problem - ERROR DURING POLICY VALIDATION "Internal error..........."
I got the below steps from TAC.
Action Taken:-
Next plan of action:- TAC steps to run script