12-18-2017 12:26 AM - edited 02-21-2020 06:58 AM
Hi,
A customer has bought a ASA 5515-X with Firepower Services 6.0.0. I have added the license for the device (VMware with 2 Devices) but he hasnt licenses for the services (URL, etc)
When i enable the service policy into the ASA and send the traffic to Firepower (i have create a simple policy in the access control menu, saying just monitor the traffic and not block it) the web browsing is blocked and i cant see any webpage! I was expected to see the web pages and in the Firepower to monitor the traffic!
Is it a logical result, because of the lack of the subscriptions or i must have a basic functionality?
Can you help me about this problem?
Solved! Go to Solution.
12-18-2017 04:03 AM - edited 12-18-2017 05:30 AM
Check the default Intrusion Policy (bottom right of your Access Policy editing window). You probably have it set to the default of “block” vs something more permissive like “Balanced security and connectivity”.
Also make sure you have enabled the log option in your policy elements.
Regarding licenses, you should at least have the no cost control license.
12-18-2017 04:03 AM - edited 12-18-2017 05:30 AM
Check the default Intrusion Policy (bottom right of your Access Policy editing window). You probably have it set to the default of “block” vs something more permissive like “Balanced security and connectivity”.
Also make sure you have enabled the log option in your policy elements.
Regarding licenses, you should at least have the no cost control license.
12-18-2017 05:20 AM
Thanks for your help!
Now it works! I change the default action to Balanced Security and Conectivity and it works fine!
Thanks in advance!
12-18-2017 05:31 AM
You're welcome. Thanks letting us know it worked and for rating.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: