Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
724
Views
0
Helpful
2
Replies

Firesight drops SQL well known traffic

jfigueroa8
Level 1
Level 1

‎07-02-2016 09:40 AM - edited ‎03-12-2019 06:03 AM

Good day

I just implement the Firesight solution, and I'm having issues because the Firesight drops SQL traffic. This traffic is well known and it´s part of our day to day traffic.

I would like to know how can I classify these traffic as well know o something to make the Firsight stop blocking the SQL traffic between our servers.

Stay pending for an answer, thanks a lot.

Labels:
0 Helpful
2 Replies 2

yogdhanu
Cisco Employee
Cisco Employee

‎07-02-2016 11:05 PM

Hi

It might to due to any IPS rules. I would suggest enable logging on all the rules in access control policy where IPS policy is applied and in default rule as well.

Then check the IPS events in analysis>Intrusion>events to see if any signature related to SQL is getting fired up.

Based on which signature is causing it, further analysis can be done to see if its false positive or expected.

Rate if helps.

Yogesh

0 Helpful

Ed Padilla Jr
Level 1
Level 1

‎07-15-2016 12:38 PM

Just "trust" this specific traffic from IP and Port with a Access Control Rule. Then do further investigation of why the details this is happening.

To be or Not to be

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card