02-09-2016 06:08 PM - edited 03-10-2019 06:33 AM
I can't seem to get Firepower to alert on communication from 1 inside interface to another. I only get it to trigger when I go from inside to outside. Any thoughts? I even modified the HOME_NET to be any. I have the sfr policy global and the 2 interfaces are 1 inside interface and a subinterface off of that.
02-09-2016 07:15 PM
So the global policy only applies if an interface policy does not apply.
I normally apply the sfr policy to all interfaces except the outside interface (at least, every interface I want inspected), and let the global inspection policy (not using sfr) act on that.
02-10-2016 04:53 AM
Hi Philip,
So you do
service-policy sfr-service-policy interface inside
service-policy sfr-service-policy interface dmz
etc?
02-10-2016 11:50 AM
Yes, that is my preferred deployment approach.
This differs from the way Cisco shows in their documents. The nice thing about this way is you can still use FTP fixups and the like.
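The per-interface deployment described in this thread, written out as an added ASA configuration example (not posted by anyone in the thread); the class-map name sfr-class is assumed, and the global_policy block stands in for whatever inspection policy is already present:

```text
! Class that matches all traffic arriving on the interface.
class-map sfr-class
 match any

! Redirect matched traffic to the FirePOWER (sfr) module.
! fail-open lets traffic pass if the module is down; use fail-close
! if you would rather block traffic when inspection is unavailable.
policy-map sfr-service-policy
 class sfr-class
  sfr fail-open

! Apply the sfr redirect per interface, on every interface you want
! inspected, but not on the outside interface.
service-policy sfr-service-policy interface inside
service-policy sfr-service-policy interface dmz

! The existing global policy keeps its protocol inspections (e.g. FTP).
! A feature configured in an interface policy takes precedence over the
! same feature in the global policy; other features still apply from both.
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
```

Verify where traffic is being redirected with `show service-policy sfr` and `show service-policy interface inside`; the sfr counters should increment on the interface policy, not the global one.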