Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
1
Helpful
3
Replies

Firepower Traffic Blocked with Default Action but same permitted other

Danny Dulin
Level 1
Level 1

‎08-07-2024 01:51 PM

We are experiencing an issue where a packet is blocked by a Default Action but previous and subsequent traffic between the same src and dst is permitted. The blocked traffic event has no Ingress or Egress interface.
 
The traffic has ACP that permits Any VLAN to ANY network on 443.
 
NOTE: There are other similar events on different ports.
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎08-07-2024 02:02 PM

Can you more elaborate 

MHM

0 Helpful

Danny Dulin
Level 1
Level 1
In response to MHM Cisco World

‎08-08-2024 05:53 AM

Here's an example.

I have an ACP that permits Any -> Any Port 443.

I see connection events permitting 10.5.5.5 -> 192.168.5.155 port 443

I also see connection events blocking 10.5.5.5 -> 192.168.5.155 port 443

The blocked connection events have no ingress or egress data.

The blocked event identifies "Default Action" as the ACP rule the FW rule that decided the action.

There's no reason for the block other than the device could not find a rule to match the traffic, but the reality is there is a rule.

 

MHM Cisco World
VIP
VIP
In response to Danny Dulin

‎08-09-2024 02:53 AM

I send to you PM please check it 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card