
Excluding Specific Traffic from Firepower Inspection

Samechine
Level 1

Hello,

Regarding the ASA5525 with the FirePower module I am using, the following configuration exists in the service policy rules:

-------------

class-map Internal-class
 match any

policy-map Internal-policy
 class Internal-class
  sfr fail-open

service-policy Internal-policy interface Internal

---------

I believe all traffic passing through the Internal interface is being inspected by Firepower. However, I would like to configure it so that specific traffic is excluded from Firepower inspection.

To achieve this, I attempted to add a rule to the Internal Policy in the ASDM's Service Policy Rules. I defined a class to specify the traffic but wasn’t sure what to configure under "Rule Actions."

I proceeded without setting any Rule Actions, but it didn’t work as expected.

Could you provide some advice?

Best regards,

1 Reply 1

https://integratingit.wordpress.com/2022/06/11/asa-firepower-module/

Check this.

What you need is to add a line under the class to deny specific traffic from passing through sfr.

MHM
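The suggestion in the reply, written out as ASA CLI. This is an added example, not part of the original thread or the linked article; the ACL name SFR-EXCLUDE and the 192.0.2.x / 198.51.100.x addresses are placeholders to be replaced with the real traffic to exempt.

```text
! Added example. ACL name and addresses are placeholders (assumptions).
!
! In an ACL referenced by a class-map, "deny" means "do not match this
! class", so those flows are never redirected to the FirePOWER module.
! "permit" means "match", so the sfr action applies. Entries are
! evaluated top-down: exemptions must come before the final permit.
!
access-list SFR-EXCLUDE extended deny ip host 192.0.2.10 any
access-list SFR-EXCLUDE extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.20 eq 443
access-list SFR-EXCLUDE extended permit ip any any
!
! A class-map holds a single match criterion here, so remove
! "match any" before pointing the class at the ACL.
!
class-map Internal-class
 no match any
 match access-list SFR-EXCLUDE
!
! The policy-map and service-policy from the question stay as they are:
!
policy-map Internal-policy
 class Internal-class
  sfr fail-open
!
service-policy Internal-policy interface Internal
!
! Verification:
!   show access-list SFR-EXCLUDE   (hit counts rise on the deny lines
!                                   when exempted traffic passes)
!   show service-policy sfr        (packet counters for traffic still
!                                   sent to the module)
```

Traffic matching a deny entry still passes through the ASA's own access rules but gets no FirePOWER inspection, so keep those entries as narrow as the requirement allows.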
