02-10-2021 12:27 AM
Hello everybody,
a customer has a Firepower 4110 running 6.6.0 and configured by FMC.
I have a principal question:
Is it possible (and if yes, how) to let a certain UDP broadcast pass from one IP network to another when the FTD has its own interfaces in both?
I see in the capture an ACL drop for arriving broadcast packets for UDP port 4800:
19: 15:02:21.250475 802.1Q vlan#60 P0 172.16.17.84.56620 > 255.255.255.255.4800: udp 8
Phase: 1 Type: CAPTURE Subtype: Result: ALLOW Config: Additional Information: MAC Access list
Phase: 2 Type: ACCESS-LIST Subtype: Result: ALLOW Config: Implicit Rule Additional Information: MAC Access list
Phase: 3 Type: INPUT-ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: Found next-hop 255.255.255.255 using egress ifc identity(vrfid:0)
Phase: 4 Type: ACCESS-LIST Subtype: Result: DROP Config: Implicit Rule Additional Information:
Result: input-interface: cae-domserver(vrfid:0) input-status: up input-line-status: up output-interface: NP Identity Ifc Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule, Drop-location: frame 0x0000562cbd1d4720 flow (NA)/NA
But in the Connection Events log I see neither an ALLOW nor a BLOCK for this.
The customer has not configured a PreFilter of their own.
Every hint is very welcome!
Thanks a lot!
Bye
R.
02-10-2021 01:18 AM - edited 02-10-2021 01:23 AM
A firewall is an L3 device, so it won't let the broadcast address pass unless it's multicast traffic.
You can check this with the "show asp drop" command.
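The trace in the question already says where the packet died: the route lookup in phase 3 resolves 255.255.255.255 to the identity interface (the firewall itself, shown as "NP Identity Ifc" in the result), and phase 4 drops it with the implicit rule, so it never reaches a policy rule that would produce a connection event. The small Python script below is an added example, not code from the original thread or from Cisco: it parses a capture trace of this shape (the sample embedded in it is the question's trace, flattened onto one line the way the forum rendered it), reports the first DROP phase and the drop reason, and classifies the destination address. The classification goes beyond the question: besides the limited broadcast 255.255.255.255 it recognises multicast and, when you pass the receiving interface's subnet, the directed (subnet) broadcast of that subnet. The regular expressions are written for the "Phase: N Type: ... Result: ..." layout shown in the question and are an assumption about other traces.

```python
"""Parse a Firepower/ASA capture trace and explain why a packet was dropped.

Added example, not from the original post. The sample trace is the one pasted
in the question, joined onto a single line as the forum rendered it.
"""
import ipaddress
import re
from typing import Optional

# Constructed sample input: the capture trace from the question, on one line.
SAMPLE_TRACE = (
    "19: 15:02:21.250475 802.1Q vlan#60 P0 172.16.17.84.56620 > 255.255.255.255.4800: udp 8 "
    "Phase: 1 Type: CAPTURE Subtype: Result: ALLOW Config: Additional Information: MAC Access list "
    "Phase: 2 Type: ACCESS-LIST Subtype: Result: ALLOW Config: Implicit Rule "
    "Additional Information: MAC Access list "
    "Phase: 3 Type: INPUT-ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: "
    "Additional Information: Found next-hop 255.255.255.255 using egress ifc identity(vrfid:0) "
    "Phase: 4 Type: ACCESS-LIST Subtype: Result: DROP Config: Implicit Rule Additional Information: "
    "Result: input-interface: cae-domserver(vrfid:0) input-status: up input-line-status: up "
    "output-interface: NP Identity Ifc Action: drop "
    "Drop-reason: (acl-drop) Flow is denied by configured rule, "
    "Drop-location: frame 0x0000562cbd1d4720 flow (NA)/NA"
)

# Patterns assume the "src.port > dst.port: proto ... Phase: N Type: ... Result: ..." layout.
HEADER_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\w+)")
PHASE_RE = re.compile(r"Phase: (\d+) Type: (\S+) Subtype:\s*(.*?)\s*Result: (ALLOW|DROP)")
DROP_RE = re.compile(r"Drop-reason: \(([^)]+)\) ([^,]+)")
EGRESS_RE = re.compile(r"output-interface: (.*?) Action:")


def parse_trace(text: str) -> dict:
    """Return the 5-tuple, every phase verdict, the first DROP phase and the drop reason."""
    m = HEADER_RE.search(text)
    if m is None:
        raise ValueError("no 'src.port > dst.port: proto' header found")
    phases = [
        {"phase": int(p), "type": t, "subtype": s, "result": r}
        for p, t, s, r in PHASE_RE.findall(text)
    ]
    first_drop = next((ph for ph in phases if ph["result"] == "DROP"), None)
    d = DROP_RE.search(text)
    e = EGRESS_RE.search(text)
    return {
        "src": m.group(1), "sport": int(m.group(2)),
        "dst": m.group(3), "dport": int(m.group(4)),
        "proto": m.group(5),
        "phases": phases,
        "first_drop": first_drop,
        "drop_reason": (d.group(1), d.group(2)) if d else None,
        "egress": e.group(1) if e else None,
    }


def classify_destination(addr: str, interface_network: Optional[str] = None) -> str:
    """Classify an IPv4 destination the way a routed firewall sees it.

    255.255.255.255 is the limited broadcast (never forwarded off the receiving
    segment); multicast is handled by the multicast routing configuration; the
    broadcast address of the receiving interface's subnet is a directed broadcast.
    """
    ip = ipaddress.IPv4Address(addr)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited-broadcast"
    if ip.is_multicast:
        return "multicast"
    if interface_network is not None:
        net = ipaddress.IPv4Network(interface_network, strict=False)
        if ip == net.broadcast_address:
            return "directed-broadcast"
    return "unicast"


def summarize(text: str, interface_network: Optional[str] = None) -> str:
    """One-line verdict: flow, destination class, egress interface and the drop phase."""
    r = parse_trace(text)
    kind = classify_destination(r["dst"], interface_network)
    verdicts = ", ".join(f"{p['phase']}:{p['type']}={p['result']}" for p in r["phases"])
    line = (f"{r['proto']} {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} "
            f"({kind}) egress={r['egress']} phases[{verdicts}]")
    if r["first_drop"]:
        code, msg = r["drop_reason"] or ("?", "no Drop-reason line")
        line += (f" DROPPED at phase {r['first_drop']['phase']} "
                 f"{r['first_drop']['type']}: {code} ({msg})")
    return line


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

Run it on a trace copied from "show capture <name> trace" (or from packet-tracer) to get the drop phase at a glance; the "show asp drop" counters the answer mentions then tell you how often that drop reason (here acl-drop) is being hit over time.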