Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
1
Helpful
1
Replies

FTD / FMC - "Snort - Denied Flows"

brettp
Level 1
Level 1

‎05-28-2025 10:14 AM - edited ‎05-28-2025 10:15 AM

Hello, I can not find an answer to this anywhere online. It would seem self-explanatory, but apparently it's not. What encompasses the "Snort - Denied Flows" that can be seen for the FTD in FMC's Health Monitor? The numbers I am seeing in the "Snort - Denied Flow" section do not match the number of IPS/SI blocks logged. In fact, the are no IPS rule or SI blocks happening (and I am somewhat certain of this because I log them all) but the Snort - Denied Flow stats go up and down all day. What other events contribute to Snort denied flows that would be show on this graph? Any insight is appreciated. Thanks!

Screenshot 2025-05-28 at 1.03.48 PM.png

1 person had this problem
1 Reply 1

ivanzrv
Level 1
Level 1

‎05-28-2025 11:01 AM

You are correct - I have asked myself the same question. To me it looks like all that is blocked by ACL is also reported blocked by Snort - especially if you have GeoBlock( after the Geolocation block is activated all ACLs (below the GeoBlock ACL) have no hit counts as they are Snort blocked).

It will be interesting to find out more about this behavior?   

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card