06-02-2021 10:56 AM
Packet-tracer doesn't work reliably when you have upper layer rules on an FMC. Rules often show traffic is passed, when the FMC will actually block it. I know there is a similar method, and I heard that Cisco will eventually fix packet-tracer to work with the higher layer rules. Can someone send over directions? I've not been able to find this in the Firepower documentation. Thanks
06-02-2021 11:14 AM
It's not exactly the same, but if you have live traffic to check with, you can get more reliable output using system support firewall-engine-debug and system support trace output.
06-02-2021 11:20 AM
That's exactly what I was looking for. Thank you!