Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3033
Views
0
Helpful
2
Replies

FMC/FTD and Rule Latency Thresholding.

Go to solution
maguiluzfr
Level 1
Level 1

‎02-26-2020 03:53 PM

Hi,

 

I have a several ASAs converted to FTD, and I have enabled the latency rules 134:1 and 134:2 and I see several events generated .
I am not sure what happens to traffic once a rule is suspended. So, my question is:
If one rule is suspended because the latency threshold has been reached and the action for that rule is: allow, what would happen?
1. Traffic that should match that rule, does not match because it is suspended, and goes to the Default Action because does not match any other rule.
2. Traffic matches the rule, it is allowed, but it is not inspected.
3. None of the above.

 

Thanks,

Miguel

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎02-26-2020 08:05 PM

Hi,

The suspension will be for the snort rules not ACP rules. This means that
the packet will match the ACP rule and will be allowed (because your action
is allowed) but no inspection. All other actions will the rule will be
applied as well (for example generate event at beginning, end, etc).


**** please remember to rate useful posts.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎02-26-2020 08:05 PM

Hi,

The suspension will be for the snort rules not ACP rules. This means that
the packet will match the ACP rule and will be allowed (because your action
is allowed) but no inspection. All other actions will the rule will be
applied as well (for example generate event at beginning, end, etc).


**** please remember to rate useful posts.
0 Helpful

Go to solution
maguiluzfr
Level 1
Level 1
In response to Mohammed al Baqari

‎02-26-2020 10:39 PM

Thanks Mohammed,

The documentation is not clear about that behavior. Do you have more information, that explain that, besides de config guide?

Regards,
Miguel.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card