08-11-2016 07:28 AM - edited 03-10-2019 06:40 AM
I have found some events of type Would have dropped in ASA-Firepower FMC logs. The guide explains
The event type is always Would have dropped for packets seen while the system is pruning, regardless of deployment.
[...]
the system sometimes prunes older event details to manage disk space usage.
The module is inline and IPS policy is set to Drop when Inline so I can think of no other explanation.
Would Firepower really pass traffic matching a threat pattern while it is busy pruning?? Were these packets really not dropped?
08-23-2016 05:57 PM
I would like to know the answer to that question as well. Peter, were you able to find anything about this?
Thanks!
Neno
08-24-2016 04:30 AM
No findings yet, Neno. Sorry.
09-12-2018 06:20 AM - edited 09-12-2018 06:20 AM
Peter,
Were you able to find any such information for your query?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide