Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1504
Views
0
Helpful
0
Replies

Firepower randomly blocking traffic

Boris Simunko
Level 1
Level 1

‎11-10-2017 03:21 AM - edited ‎02-21-2020 06:43 AM

Hello!

 

I am doing a new install, and have hit problems in the first few minutes.

 

ASA5516X 9.8(1) with FirePower services (all licensed) 6.2.0-362

 

There is only 1 "permit all" rule with "Trust all traffic" as the default action. The idea behind it is that we wanted to just monitor the traffic in the first phase of the install, and gradually build the rule base.

 

What happens is that FP is blocking mostly DNS traffic to public DNS servers, even the most legitimate requests like google.com, and to make matters worse the blocked traffic is random and there is no way to determine why. Real time eventing just shows "Intrusion block". Another oddity is that the same traffic is sometimes blocked and sometimes allowed, all within a few minutes (screenshots attached).

 

What am I missing?

 

 

 

 

Labels:
Preview file
91 KB
Preview file
89 KB
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card