Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10057
Views
5
Helpful
21
Replies

how do i see firepower traffic in firesight?

Go to solution
kelvin.lui11
Level 1
Level 1

‎05-12-2016 08:34 PM - edited ‎03-12-2019 06:00 AM

Hi all,

After i set the traffic through the module and added the firepower device to the defense center . In analysis > context explorer , it shows me that no data.Can i see the traffic in the defense center?

Thank you

1 person had this problem
Labels:
0 Helpful
21 Replies 21

Go to solution
kelvin.lui11
Level 1
Level 1
In response to ankojha

‎05-15-2016 09:32 PM

hi ankojha,

After i have removed those service policy .

The traffic looks the same.

0 Helpful

Go to solution
kelvin.lui11
Level 1
Level 1
In response to ankojha

‎05-15-2016 09:33 PM

0 Helpful

Go to solution
kelvin.lui11
Level 1
Level 1
In response to ankojha

‎05-16-2016 07:08 PM

hi !

is my traffic normal now?

0 Helpful

Go to solution
p.juarezponte
Level 1
Level 1

‎01-24-2018 07:21 AM - edited ‎01-24-2018 07:25 AM

Hello,

I have the same problem.

I cant see if traffic is really being inspected and permitted.

I attach some outputs.

 

Traffic redirected to firepower module:

access-list sfr_redirect remark Firepower flow
access-list sfr_redirect extended permit ip 10.2.0.0 255.255.0.0 any
access-list sfr_redirect extended permit ip any 10.2.0.0 255.255.0.0


class-map sfr
 match access-list sfr_redirect

 

policy-map global_policy
 class sfr
  sfr fail-open

I believe traffic is correctly redirected:

FW-ASA-RED-2# show conn
65 in use, 72 most used

UDP RED_1  225.3.50.1:7003 RED_TRANS_1  10.2.21.10:49298, idle 0:00:01, bytes 6605325, flags X
UDP RED_1  225.3.50.1:7003 RED_TRANS_1  10.2.21.41:52818, idle 0:00:02, bytes 6599658, flags X
UDP RED_1  225.3.50.1:7003 RED_TRANS_1  10.2.21.32:43335, idle 0:00:00, bytes 6910327, flags X
UDP RED_1  225.3.50.1:7003 RED_TRANS_1  10.2.21.31:37568, idle 0:00:00, bytes 6921793, flags X
UDP RED_1  225.31.0.1:7003 RED_TRANS_1  10.2.21.31:1999, idle 0:00:01, bytes 258128, flags X
UDP RED_1  225.31.0.1:7003 RED_TRANS_1  10.2.21.10:44191, idle 0:00:00, bytes 2648370, flags X
UDP RED_1  225.31.0.1:7003 RED_TRANS_1  10.2.21.32:1999, idle 0:00:01, bytes 258492, flags X
UDP RED_1  225.31.0.1:7003 RED_TRANS_1  10.2.21.60:7003, idle 0:00:00, bytes 2650434, flags X
UDP RED_1  225.31.0.1:7003 RED_TRANS_1  10.2.21.41:7003, idle 0:00:00, bytes 2650176, flags X
PIM RED_1 172.16.2.14 RED_TRANS_1  192.168.10.2, idle 0:00:00, bytes 3472539, flags 

 

FW-ASA-RED-2# show service-policy sfr

Global policy:
  Service-policy: global_policy
    Class-map: sfr
      SFR: card status Up, mode fail-open
        packet input 22420, packet output 22420, drop 0, reset-drop 0
FW-ASA-RED-2#

 

And is correctly associated to firesight:

FW-ASA-RED-2# show module sfr details
Getting details from the Service Module, please wait...

Card Type:          FirePOWER Services Software Module
Model:              ASA5545
Hardware version:   N/A
Serial Number:      FCH2118799S
Firmware version:   N/A
Software version:   6.2.2-81
MAC Address Range:  70df.2f32.bfda to 70df.2f32.bfda
App. name:          ASA FirePOWER
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       6.2.2-81
Data Plane Status:  Up
Console session:    Ready
Status:             Up
DC addr:            10.2.51.40                                                  
Mgmt IP addr:       10.2.51.31                                                  
Mgmt Network mask:  255.255.255.0                                               
Mgmt Gateway:       10.2.51.1                                                   
Mgmt web ports:     443                                                         
Mgmt TLS enabled:   true                                                        
FW-ASA-RED-2#

 

Firesight doesn't show any statistics:

traffic firepower.JPG

 

Logging is enabled on ACL:

traffic firepower_acl_logging.JPG

 

 

And here is my policy:

traffic firepower_acl_policy.JPG

 

 

 

Don't know which is the problem and I don't know what to change to make it works.

 

Please help.

 

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to p.juarezponte

‎01-24-2018 08:46 AM

Have you applied the Protect + Control license to the device?

 

Is it correct to assume that Analysis > Connection Events also shows nothing?

0 Helpful

Go to solution
p.juarezponte
Level 1
Level 1
In response to Marvin Rhoads

‎01-24-2018 08:53 AM

Yes Marvin,

I have two ASAs (1 on routed mode and the other like transparent) on the firesight but can't see anything.

 

traffic firepower events.JPG

 

I have both firewalls licensed with Protection and Control.

 

Any help would be appreciated.

 

traffic firepower licenses.JPG

0 Helpful

Go to solution
p.juarezponte
Level 1
Level 1
In response to p.juarezponte

‎02-08-2018 12:49 AM

Hello,

Any ideas?

I still couldn't fix this

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card