07-21-2025 02:18 AM
Hi everybody;
My lab consists of one FMCv with version 7.4.2.3 and one FTDv in Routed mode with version 7.4.2.3. I have created an Access Control Rule with the following conditions:
I have also configured the logging operation as follows:
Now when a user with IP address 192.168.10.10 tries to open a web site published on a Windows Server behind FTDv, FMC does not log any Connection Events. Every other network access to the server is logged correctly and successfully.
Any ideas?
Thanks
07-21-2025 02:31 AM
Use the packet tracer feature of FMC.
Check whether the traffic hits the correct ACL or not.
MHM
07-21-2025 02:49 AM - edited 07-21-2025 02:52 AM
Thanks. Using the Packet Tracer functionality, it matches the correct ACL.
07-21-2025 02:58 AM
Points to check
1- Trust doesn't have a log function; change the action to Allow (permit)
2- Some traffic needs to be configured with log at beginning
MHM
07-21-2025 05:31 AM
Good points @MHM Cisco World.
@rezaalikhani also note that "log at end of connection" only triggers for a Permit rule where the connection closes gracefully with a TCP FIN.
07-21-2025 06:25 AM
@Marvin Rhoads @MHM Cisco World So, the Trust action does not trigger a log even if I have selected the "Log at end of connection" option in the Logging session?
07-21-2025 06:27 AM
Yes
MHM
07-21-2025 09:02 AM
@MHM Cisco World The funny thing is that, if you use Packet Tracer, it generates an event, even if you select Trust action. Any ideas?
Thanks
07-21-2025 09:10 AM
How did you configure packet tracer?
Are you using the correct interface as the ingress interface?
Are you using the real IP or the mapped IP (if you use NAT)?
MHM
07-22-2025 08:17 AM
07-22-2025 09:07 AM
I see the ingress interface is different between the two packet tracers?
MHM