Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2032
Views
0
Helpful
2
Replies

firepower inline normalization

saintlan1
Level 1
Level 1

‎07-18-2019 08:54 PM - edited ‎02-21-2020 09:19 AM

Hi,

 

Does any one here have experience on the firepower, the results on the intrusion events have "would have dropped" and "drop"? One IPS signature but two results drop and would have dropped.

 

the firepower are configured on inline mode. Any one here have the same experience? How did you manage to configure the FMC?

 

software version = 6.2.3 both fmc and sensor.

 

Thanks in advance.

 

Labels:
Preview file
306 KB
0 Helpful
2 Replies 2

Sheraz.Salim
VIP
VIP

‎07-19-2019 10:10 AM

as long as your FMC is configured to drop in line it will drop the packet and log it in the event logs.

please do not forget to rate.
0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to Sheraz.Salim

‎07-19-2019 10:44 PM

It should work as you said, but I've seen cases where http and https traffic to the same host fires the same ips rule, but http traffic gets dropped and https traffic gets would have dropped.

Don't know if it depends on the host not fully discovered or what, but I've seen it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card