06-02-2021 10:56 AM
Packet-tracer doesn't work reliably when you have upper layer rules on an FMC. Rules often show traffic is passed, when the FMC will actually block it. I know there is a similar method, and I heard that Cisco will eventually fix packet-tracer to work with the higher layer rules. Can someone send over directions? I've not been able to find this in the Firepower documentation. Thanks
06-02-2021 11:14 AM
It's not exactly the same, but if you have live traffic to check with, you can get more reliable output using system support firewall-engine-debug and system-support-trace output.
06-02-2021 11:20 AM
That's exactly what I was looking for. Thank you!