11-06-2020 03:30 AM
Hi All,
I am facing some issue after an upgrade from 6.6.0 to 6.7.0 for both my FMCv and FTDv. As per the release notes I should be able to switch to using Snort 3.0 after the update from the "Device > Updates page, in the Intrusion Rules group", but am unable to find said menu.
The above is taken from the release notes of 6.7:
Anyone able to advise on how to switch from Snort 2 to Snort 3 and vice-versa or if there are any limitations?
Solved! Go to Solution.
01-13-2021 09:13 AM - edited 01-13-2021 09:22 AM
Snort 3.0 support is available to FDM/FTD6.7.0 and not yet available with FMC/FTD6.7.0.
11-08-2020 07:50 PM
I think they haven't actually put that in the menus, contrary to the release notes.
I checked my lab FMC 6.7 and don't see it. I also downloaded and searched the entire 3067 page FMC Configuration Guide and that menu choice doesn't appear there either.
It looks like it is available as one of the rare cli configuration commands:
> configure snort3 disable Disable Snort3 on the next deploy. enable Enable Snort3 on the next deploy.
11-09-2020 02:36 AM
Hi Marvin,
Thank you for the information. Could you please share what FTD you are using as that option is not available on any of the FTDv devices I have in our lab environment:
> configure snort3
> configure snort
snort Configure Snort options
> configure snort
preserve-connection preserve connection
I even deployed an FTDv for ESXi directly on 6.7 and upgraded another FTDv from 6.6 to 6.7 on the other and the option is not available on either.
09-15-2021 06:31 PM
I have a similar issue where we need to run on snort3 and make sure the version is higher than 2.9.18 due to IAVA release. Will running this command cause the FTD's to reboot or just at the next deployment restart the snort engine as V3?
I've been trying to confirm through CLI which one were using but could only find a section in Advanced Troubleshooting section showing the version.
ej
12-10-2020 06:01 AM
Anyone found a solution?
01-13-2021 09:13 AM - edited 01-13-2021 09:22 AM
Snort 3.0 support is available to FDM/FTD6.7.0 and not yet available with FMC/FTD6.7.0.
01-14-2021 05:07 AM
Thanks Uma, indeed I can see the option on the newly deployed FTD managed locally ... I missed the line where it says the features are only for FDM
Do you have an ETA when this will be added to FMC/FTD combo?
Regards,
Zhulien
01-13-2021 10:06 AM
Correct - the device I checked was an FTDv 6.7 that's locally-managed (FDM).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide