
FMC does not log HTTP/HTTPS Connection Events

Hi everybody;

My lab consists of one FMCv with version 7.4.2.3 and one FTDv in Routed mode with version 7.4.2.3. I have created an Access Control Rule with the following conditions:

1.png

 

I have also configured the logging operation as follows:

2.png

 

Now when a user with IP address 192.168.10.10 tries to open a web site published on a Windows Server behind FTDv, FMC does not log any Connection Events. Every other network access to the server is logged correctly and successfully.

Any ideas?

Thanks

 

 

 

 

10 Replies

Use the Packet Tracer feature of FMC.

Check whether the traffic hits the correct ACL or not.

MHM

Thanks. Using the Packet Tracer functionality, it matches the correct ACL.

1.png

 



Points to check

1- Trust doesn't have a log function; change the action to Allow (permit)

2- Some traffic needs to be configured with log at beginning

MHM

Good points @MHM Cisco World.

@rezaalikhani also note that "log at end of connection" only triggers for a Permit rule where the connection closes gracefully with a TCP FIN.

@Marvin Rhoads @MHM Cisco World So, the Trust action does not trigger a log even if I have selected the "Log at end of connection" option in the Logging session?

Yes 

MHM

@MHM Cisco World The funny thing is that, if you use Packet Tracer, it generates an event, even if you select Trust action. Any ideas?

1.png

 

Thanks

 

How did you configure Packet Tracer?

Are you using the correct interface as the ingress interface?

Are you using the real IP or the mapped IP (if you use NAT)?

MHM

1.png

 

I see the ingress interface is different between the two packet tracers?

MHM
