Firepower stops FTP-download, how to find the event in the log?

Hi,

I have an ASA 5525-X with Firepower. When Firepower is turned on I cannot transfer files via FTP from an external FTP server. If I turn off the Firepower inspection I can transfer files. I have tried to find why the transfer is blocked, but cannot find the event in the logs. In the management console I can see the connections in Analysis/Connections/Events, but there the connection is logged as allowed. So it has to be blocked by another mechanism, but how can I find this in the logs? In other words, how can I find why the transfer is blocked?

Br,

Thor-Egil

Accepted Solutions
Enthusiast

Hello, 

Recently we also faced a similar issue. In our case, the problem was due to a bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb55994

The workaround with Trust Action worked perfectly for us.

5 REPLIES 5
VIP Advisor

Have you checked under Analysis > Files > File Events?

Most likely you have a file inspection policy associated with your Access Control Policy.

--

Please remember to select a correct answer and rate helpful posts


Hi,

I have a file inspection policy but I cannot see anything in the logs. Also, it seems that all file types are affected, even file types that are not protected by the policy.

The problem started after I upgraded Firepower to version 6.1.0. Before the upgrade I was running 6.0.1 and with that version I could transfer files; the policies are not changed.

Is it possible to search the logs for all events related to a specific IP, a search for all categories?


Yes, this is possible. Under Analysis > Search you are able to filter traffic. Select Network from the options on the left and then enter the source and/or destination address you want to filter on.

--

Please remember to select a correct answer and rate helpful posts


Hi,

This seems to describe our situation! I have already implemented the workaround with a trust, but will now try to upgrade to 6.2 and see if the problem is fixed. Thank you very much.

Br,

Thor-Egil
