Firepower detects malware in FTP but doesnt detects in TFTP Transfer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2016 04:00 AM - edited 03-12-2019 06:07 AM
I am testing the firepower (ver. 6.0.0.1-26) on ASA 5525X (9.5.3).
I have access control policy applied with file and malware policies in it which are to block malware.
I have an issue where a test a malware file transfer using TFTP isnt detected by the module and is allowed to pass through. However, module detects the file If I try to use FTP for file transfer.
Any idea why it would not detect using TFTP and how it detect when using FTP.
- Labels:
-
NGIPS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2016 08:18 AM
Found answer myself, only certrain protocols are supported for inspection and TFTP is not one of them.
