
FMC FastPath vs Trust with logging

davparker
Level 1

Hello,
I'm trying to figure out a way to suppress logging to the FMC console for DNS_over_TCP & DNS_over_UDP from Umbrella VAs to the Umbrella public DNS servers. That traffic is cluttering the console. It is trusted and secure. I don't really want to send this through the inspections or SI. Initially I thought FastPath would do it, but traffic still exits the ACP policy for Internet_Allowed and gets logged. I tried adding an Allow rule for this traffic just above the Internet_Allowed rule with no inspection or logging, but traffic is still exiting the Internet_Allowed ACP rule. Next, I tried a Packet Tracer to see which rules are getting hit, but I seem to be unable to simulate DNS_over_TCP or DNS_over_UDP. Those port options don't exist. I'm running 7.2x

Any thoughts? David

Accepted Solutions

I am a little unclear on the structure of your ACP, screenshots would be good.

However, placing the DNS rule in the prefilter policy and selecting fastpath (and not enabling logging) should achieve what you are trying to do.

--
Please remember to select a correct answer and rate helpful posts


2 Replies

So, in the Prefilter Policy, instead of specifying ports DNS_over_TCP and UDP_over_TCP I specified tcp/443 & udp/443 for traffic between the Umbrella VAs and the Umbrella Public Servers. I guess I made an assumption that the predefined ports were for DNSCrypt. Must not be the case...

Thanks - David
