Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
3
Replies

Inside another inside interface not triggering firepower signatures

babiojd01
Level 1
Level 1

‎02-09-2016 06:08 PM - edited ‎03-10-2019 06:33 AM

I can't seem to get firepower to alert on communication from 1 inside interface to another. I only get it to trigger when I go from inside to outside. Any thoughts? I even modified the HOME_NET to be any. I have the sfr policy global and the 2 interfaces are 1 inside interface and a subinterface off of that. 

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-09-2016 07:15 PM

So the global policy only applies if an interface policy does not apply.

I normally apply the sfr policy to all interfaces except the outside interface (at least, every interface I want inspected), and let the global inspection policy (not using sfr) act on that.

0 Helpful

babiojd01
Level 1
Level 1
In response to Philip D'Ath

‎02-10-2016 04:53 AM

Hi Philip,

So you do
service-policy sfr-service-policy interface inside

service-policy sfr-service-policy interface dmz

etc?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to babiojd01

‎02-10-2016 11:50 AM

Yes, that is my preferred deployment approach.

This differs from the way Cisco shows in their documents.  The nice thing about this way is you can still use FTP fixups and the like.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card