FTD 1010 - Traffic No Action Policy

Othacon
Level 1

Hi all,

I've configured a Cisco FTD 1010 and I'm having a weird behavior happening. I've configured all the policies from inside to outside and the default action is to block.

I've configured several policies and I can see them being allowed and matching correctly, but then I saw this:

[attached screenshot: Othacon_0-1734098826882.png]

The default action of the firewall is to block. Why is the firewall not matching any traffic and putting the traffic in No Action??

Please anyone can help?

Thank you all

Accepted Solution

This can happen when an access control rule has not finished evaluating a connection and at that point the connection just breaks or stops outside the firewall. At that point the rule was still pending and it logged the latest state it was evaluating at the time. If that’s what it is, it’s possible you have an Application rule that requires more packets to be fully evaluated.
Future versions will include this state as a new state as part of the Reason field to avoid confusion.

4 Replies

Can I see the show access-list output of the FTD?

MHM

Hi @MHM Cisco World,

Unfortunately I really can't put the entire rule list here, but I can put the last ones; please see below:

access-list NGFW_ONBOX_ACL line 34 remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 35 remark rule-id 268435458: L5 RULE: Blocked Traffic
access-list NGFW_ONBOX_ACL line 36 advanced deny object-group |acSvcg-268435458 ifc inside any ifc outside any rule-id 268435458 event-log both (hitcnt=483795) (Last Hit=14:19:25 UTC Dec 13 2024) 0x7aae9053
access-list NGFW_ONBOX_ACL line 36 advanced deny ip ifc inside any ifc outside any rule-id 268435458 event-log both (hitcnt=483795) (Last Hit=14:19:25 UTC Dec 13 2024) 0xe41ebd9d
access-list NGFW_ONBOX_ACL line 37 remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 38 remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL line 39 advanced deny ip any any rule-id 1 event-log both (hitcnt=278693635) (Last Hit=14:19:26 UTC Dec 13 2024) 0x84953cae

Since the rules are configured I would expect them to match their respective policies, but from the image, the FTD is not matching some traffic with anything and it's putting it as No Action, and I really can't understand why. I even double-checked the deny action, to no avail.

Thank you
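When the listing is much longer than the excerpt above, it helps to correlate each rule-id's remark lines (policy and rule name) with its ACEs and hit counters mechanically. The parser below is an added example, not code from this thread or from Cisco; it takes the quoted lines as constructed sample input and assumes, as on ASA, that expanded entries sharing a line number with an object-group ACE are already included in that ACE's hitcnt, so each line number is counted once.

```python
import re

# Constructed input: the same "show access-list" lines the original poster quoted above.
SAMPLE = """\
access-list NGFW_ONBOX_ACL line 34 remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 35 remark rule-id 268435458: L5 RULE: Blocked Traffic
access-list NGFW_ONBOX_ACL line 36 advanced deny object-group |acSvcg-268435458 ifc inside any ifc outside any rule-id 268435458 event-log both (hitcnt=483795) (Last Hit=14:19:25 UTC Dec 13 2024) 0x7aae9053
access-list NGFW_ONBOX_ACL line 36 advanced deny ip ifc inside any ifc outside any rule-id 268435458 event-log both (hitcnt=483795) (Last Hit=14:19:25 UTC Dec 13 2024) 0xe41ebd9d
access-list NGFW_ONBOX_ACL line 37 remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 38 remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL line 39 advanced deny ip any any rule-id 1 event-log both (hitcnt=278693635) (Last Hit=14:19:26 UTC Dec 13 2024) 0x84953cae
"""

REMARK = re.compile(r"remark rule-id (\d+): (ACCESS POLICY|L\d RULE): (.+)$")
ACE = re.compile(r"line (\d+) advanced (permit|deny|trust) (.+?) rule-id (\d+) "
                 r".*?\(hitcnt=(\d+)\)(?: \(Last Hit=([^)]+)\))?")

def parse_access_list(text):
    """Group remark and ACE lines by rule-id. Expanded object-group entries reuse
    the object-group ACE's line number and are already counted in its hitcnt
    (assumption, as on ASA), so each line number is taken once."""
    rules, seen = {}, set()
    for line in text.splitlines():
        if m := REMARK.search(line):
            rid, kind, value = m.groups()
            rule = rules.setdefault(rid, {"policy": None, "name": None, "aces": []})
            rule["policy" if kind == "ACCESS POLICY" else "name"] = value
        elif (m := ACE.search(line)) and m.group(1) not in seen:
            lineno, action, match, rid, hits, last = m.groups()
            seen.add(lineno)
            rule = rules.setdefault(rid, {"policy": None, "name": None, "aces": []})
            rule["aces"].append({"line": int(lineno), "action": action, "match": match,
                                 "hitcnt": int(hits), "last_hit": last})
    return rules

def summarize(text):
    """Return (rule-id, rule name, action, total hits) per rule, in ACL order."""
    return [(rid, r["name"], "/".join(sorted({a["action"] for a in r["aces"]})),
             sum(a["hitcnt"] for a in r["aces"]))
            for rid, r in parse_access_list(text).items()]

if __name__ == "__main__":
    for rid, name, action, hits in summarize(SAMPLE):
        print(f"rule-id {rid:>10}  {name:<20} {action:<5} hits={hits}")
```

Feed it the full listing and compare the per-rule totals against the connection events: a rule whose hitcnt never moves while its traffic shows up as No Action points at the pending-evaluation case rather than a mis-ordered ACE.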

I will send you some hints about FTD ACL

Thanks 

MHM
