Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
499
Views
0
Helpful
1
Replies

Firewpower auto recommendation.

adamgibs7
Level 6
Level 6

‎02-24-2018 11:03 AM - edited ‎02-21-2020 07:25 AM

Dears,

firepower auto recommendation were configured how I will know the difference between the last recommendation and the new recommendation , becz I am facing some traffic drops issue after updating to the latest recommendation.

thanks

Labels:
0 Helpful
1 Reply 1

argrullo
Cisco Employee
Cisco Employee

‎02-25-2018 06:31 AM

Hello Adam, 

Are you setting the firepower recommended rules automatically to install/download?

 

Normally when you manually run the recommendations, there is an option to only generate the recommendations, a "looking glass" would show after they are generate so you can see the changes between what you had and the new state. After reviewing, you can choose to apply them. 

 

If they are automatically applied/ you have a task for it, then I do not know of a way to see the changes. 

But, if you are seeing drops in your traffic, and it is the new IPS Policy, you should see an IPS/Connection event. 

 

Analysis > Intrusion > Events

The value within the parenthesis, the first number, is the SID rule. 

 

If you need help to identify the rule that might be causing the issue, you can always open a TAC SR to help you identify and modify your rule. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card