Has anyone had any issues with these rules allowing traffic they shouldn't? We've had this twice that we know of. The first time around someone added a rule that wasn't specific enough and didn't enable logging, so there were lessons learned there.
The recent one is that a URL is working from a client and there is no matching allow rule. From the logs you can see the traffic matching our deny rule, but the Dev was certain it was working. A traffic capture and firewall-engine-debug confirmed this. What's happening is that some packets are allowed on an application rule in this case (as expected). The rest of the criteria matches, so it allows a few packets to identify the app before reaching a decision, as it does with URLs. The problem is that during this time the 3-way handshake completes and the data push commences. Now there is a flow, and any subsequent packets aren't checked against the ACL (again, as expected with a stateful FW). The first time we consulted Cisco they said it was a bug; I assume once it matches a deny rule there should be a routine to clear any flows created while identifying the traffic?
I will consult Cisco again, but just wondering if anyone else has noticed this? Like I say, it is difficult to spot, as the only logs show the traffic being blocked.
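The behaviour described in the post, as an added example that is not from the original thread, from Cisco, or from Firepower's real engine: a simplified Python model of an app-aware stateful firewall. The packet budget, rule table, addresses and the `run` helper are constructed assumptions; the model shows the single deny log line while the flow keeps passing traffic, beside the fix of tearing the flow down on the deny verdict.

```python
"""Simplified model (an assumption, not Firepower's real engine) of an app-aware
stateful firewall: a flow admitted during application identification can keep
passing traffic after the deny verdict unless the engine clears it."""
from dataclasses import dataclass

APPID_PACKET_BUDGET = 3  # packets let through before the app is identified (assumed value)


@dataclass
class Flow:
    state: str = "identifying"  # identifying -> established | blocked
    pkts: int = 0


class StatefulFirewall:
    def __init__(self, rules, clear_flow_on_deny):
        self.rules = rules                      # [(app or None, action)], first match wins
        self.clear_flow_on_deny = clear_flow_on_deny
        self.flows = {}
        self.log = []                           # what an admin sees in connection events

    def lookup(self, app):
        for rule_app, action in self.rules:
            if rule_app is None or rule_app == app:
                return action
        return "deny"

    def process(self, pkt):
        key = (pkt["src"], pkt["dst"], pkt["dport"])
        flow = self.flows.setdefault(key, Flow())
        if flow.state == "established":
            return "allow"                      # stateful fast path: ACL not re-evaluated
        if flow.state == "blocked":
            return "deny"
        flow.pkts += 1
        if flow.pkts < APPID_PACKET_BUDGET:
            return "allow"                      # handshake and first data pass while identifying
        action = self.lookup(pkt["app"])        # app is now identified, rule decision taken
        if action == "allow":
            flow.state = "established"
            return "allow"
        self.log.append(f"DENY {key} app={pkt['app']}")   # the one log line the admin sees
        # Bug: the flow created by the handshake survives and later packets bypass the ACL.
        # Fix: mark the flow blocked so every later packet of it is dropped.
        flow.state = "blocked" if self.clear_flow_on_deny else "established"
        return "deny"


def run(clear_flow_on_deny, n_packets=8):
    """Push one constructed flow of an unapproved app through the model; return verdicts and log."""
    fw = StatefulFirewall([("approved-app", "allow"), (None, "deny")], clear_flow_on_deny)
    pkt = {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "app": "unapproved-app"}
    return [fw.process(pkt) for _ in range(n_packets)], fw.log
```

With `clear_flow_on_deny=False` the log shows one DENY while every later packet is allowed, which is exactly the mismatch between the connection events and the working client; with it set to `True` the rest of the flow is dropped.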