cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
801
Views
0
Helpful
0
Replies

FirePower not detect IPS threat events

hanguye3
Cisco Employee
Cisco Employee

Hi bros,

 

I am having an issue with the detailed information below and need your advice:

- Using the FP2140 and virtual FMC.

- Topology: Internet User <=> Router <=> Switch <=> FP2140 <=>Baracuda WAF <=> DMZ. We spanned the traffic from Internet User to the DMZ; the traffic is spanned before going to WAF to get all the malicious traffic.

- Detailed steps:

+ Add all the threat licenses.

+ Add the FP2140 to the FMC.

+ Create the Passive Interface, Zones and Interfaces.

+ Create the Network Discovery, Intrusion and File Policies.

+ Create the Network Access Policy with Network Discovery rule in Default Rule (enable the Logging)

+ In the Mandatory rules, i create 01 Allow_All Policy with Intrusion, File, Application and URL Filter policies... and enable the logging.

From the Dashboard we can see the traffic like Top Client Web App, Top Server App, URL info... but nothin from the IPS threat events dashboard.

I tried to create 02 IPS Profile: Max detection and FirePower Recommendation but the results still the same.

Do i miss any configuration to get the IPS events?

Highly appreciate for any prompt response. Thanks in advance.

Br,

hainm

 

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: