Filter events in a Port mirror

venbea
Level 1

Good morning:

I have a port mirror on an interface.
This traffic is causing intrusion events.
How can I filter them?
I've tried putting this traffic in a trust rule in the access control policy, but it doesn't work.
I've also tried putting it in a prefilter, but that didn't work either.

Any ideas?

1 Reply

Ben Weber
Level 1

Hey @venbea 

For passive/port-mirroring interfaces, traffic only goes through the IPS engine, which means that the policies you have configured (Trust Rule, prefilter) aren't going to be hit by the traffic on the port-mirror. I think you need to tune your default Intrusion policy or else create a custom intrusion policy that has fewer rules. 

Worth checking out the below:

Solved: Exclude device from IPS policy? - Cisco Community

Firepower Management Center Device Configuration Guide, 7.1 - Inline Sets and Passive Interfaces [Cisco Secure Firewall Management Center] - Cisco

- BW
Please rate posts if they have been helpful.