FTD 6.1 Application Detector - Not detecting certain connections

Has anyone run into issues with FTD where, in what appear to be random cases, the application detection engine doesn't classify a flow with AVC application protocol / client information?

I have seen it on SYSLOG, NTP, NetBIOS-ssn (SMB [TCP 445]), and other applications.  It is not consistent, meaning NTP will be classified correctly for quite a while and then randomly a session will not be.  When it is not, there is no Application protocol / client / web application listed in the log entry for that connection.

This is a major issue as I am attempting to use AVC rules, and when the application detection doesn't work correctly the traffic hits the default action policy which is set to deny / block.

TAC suggested changing all the allow rules to log at the end of the connection.  They suggested that would provide more accurate logging when the initial packets of an application are not classified at that point.  That didn't have an impact and I am currently running with a policy that includes temporary port / services rules.

Ralph

2 REPLIES

Hello,

I am facing the same exact issue with application detector and I am running version 6.2.3.13.

Have you solved the problem or found a solution?

Regards,

George 


Hello,

I am facing the same exact issue with application detector and I am running version 6.2.3.13.

Have you solved the problem or found a solution?

Can anyone please assist?

Regards,

George 
