FirePower policies failing

Today we noticed that our Mandatory-default policy is not working properly. Adult site filtering is at about 40% efficiency. Other elements such as proxy anonymizers, Tor and BitTorrent are now getting through. Software version 6.0.1.4 (build 1083), Rule Update version 2018-01-22-001-vrt.

Rulepack 2017, Module Pack 2295, Geo version 2018-01-16-002, VDB version build 292.

We also started getting this error:

Number of files detected in traffic exceeds module threshold

2 REPLIES
yogdhanu
Cisco Employee

Hi Peter,

The "Number of files detected in traffic exceeds module threshold" alert means that the file policy might be inspecting more traffic than the device can handle. There are too many file detections, which are causing the device to reach its daily limit in terms of file policy. This could be due to a misconfiguration where all traffic is being subjected to the file policy with all the file types, or simply too much traffic.


URL filtering not working properly is another issue, which may or may not be related to the problem. I would suggest opening a TAC case, or checking /var/log/messages and looking for CloudAgent to find out if there is any issue with device connectivity to the backend server for URL category lookup.


Thanks

Yogesh

Dennis Perto
Contributor

Hi Peter

You are seeing two issues.

First of all, the number of files handled by the module is too high. You need to tune your file policy, or tune the advanced section in your access control policy.

I figure that you are referring to URL filtering not working as expected. This might be because of encrypted traffic, or the fact that your sensor does not have the amount of memory required to look up most URLs.
You can allow/enable your sensor to look up unknown URLs in the FMC, and you can allow/enable the FMC to make unknown lookups in the cloud as well. This will bring down the false positives regarding URL filtering.
