Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5779
Views
5
Helpful
5
Replies

Firepower stops FTP-download, how to find the event in the log?

Go to solution
cisco
Level 1
Level 1

‎02-08-2017 05:37 AM - edited ‎03-12-2019 01:54 AM

Hi,

I have a ASA 5525-X with Firepower. When Firepower is turned on I cannot transfer files via FTP from an external FTP-server. If I turn off the Firepower-inspection I can transfer files. I have tried to find why the transfer is blocked, but cannot find it the event in the logs. In the management console I can see the connections in Analysis/Connections/Events, but there the connection is logged as allowed. So it has to be blocked by another mechanism, but how can I find this in the logs? In other words, how can I find why the transfer is blocked?

Br,

Thor-Egil

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Boris Uskov
Level 4
Level 4

‎02-09-2017 06:52 AM

Hello, 

Recently we also faced similar issue. In our case, the problem was due to bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb55994

The workaround with Trust Action worked perfect for us. 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marius Gunnerud
VIP
VIP

‎02-08-2017 11:52 AM

Have you checked under Analysis > Files > File Events?

Most likely you have a file inspection policy associated with your Access Control Policy.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
cisco
Level 1
Level 1
In response to Marius Gunnerud

‎02-08-2017 01:50 PM

Hi,

I have a file inspection policy but I cannot see anything in the logs. Also, it seems that all file types are affected, even file types that are not protected by the policy.

The problem started after I upgraded firepower to version 6.1.0. Before the upgrade I was running 6.0.1 and with that version I could transfer files, the policies are not changed.

Is it possible to search the logs for all events related to a spesific IP, a search for all catogories?

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to cisco

‎02-09-2017 02:39 AM

Yes this is possible.  Under Analysis > Search you are able to filter traffic. Select Network from the option on the left and then enter the source and/or destination adress you want to filter on.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Boris Uskov
Level 4
Level 4

‎02-09-2017 06:52 AM

Hello, 

Recently we also faced similar issue. In our case, the problem was due to bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb55994

The workaround with Trust Action worked perfect for us. 

0 Helpful

Go to solution
cisco
Level 1
Level 1
In response to Boris Uskov

‎02-10-2017 06:17 AM

Hi,

This seem to describe our situation! I have already implementet the workaround with a trust, but will now try to upgrade to 6.2 and see if the problem is fixed. Thank you very much.

Br,

Thor-Egil

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card