Re: FMC Tunnel & Prefilter rules

ciscoworlds · ‎03-09-2018

Hi.

I believe it's a simple topic which has not been explained very clearly. I read about Tunnel & Prefilter rules on Cisco website and even on the books, but none of them was clear enough. So, Would u ask my questions here?

1. supposing we have not configured any Tunnel & Prefilter rules on FMC, if device gets a sample non-encrypted tunneled packet, e.g. GRE, what will be the process? Is it goes through normal Access Policies in "decapsulated" form (so access policies analyze only inner header) or in "encapsulated" form (so access policies analyze outer header)?

2. If we have configured a tunnel rule with "Analyze" action, will matched packets forwarded to be analyzed by normal access policies?

3. supposing we have configured rules as below:

What will happen if we get:

A) a FTP packet encapsulated inside a GRE packet

B) a SSH packet encapsulated inside a GRE packet

C) a IPv6 FTP packet encapsulated as IPv6-in-IP

tnx a lot.

tahscolony · ‎03-27-2025

Old topic, STILL relevant though. I have a similar situation regarding pre-filters that I have yet to have had answered as well. Mine deals with WCCP tunneling. How can I create a pre-filter rule that ignores the GRE over WCCP tunnels when running through an FTD between core network where the WSA resides and the firewall that is sandwiched between two IPS that is the WCCP endpoint and 443 redirector?

BTW thanks to the OP for the information posted. I had assumed that nothing could be added to the policy, turns out just to the default policy.