No syslog blocking in asa.

jbseong
Level 1
We have 1 asa product and fwsm product.

fwsm-asa
      |
  syslog server

It has this configuration.

While sending syslog from fwsm to syslog server, asa set the policy to block fwsm syslog.

But still fwsm is sending logs to syslog server and hit count doesn't go up in asa.

But from the moment fwsm reboots, it is blocked in asa.

Why the hell is this happening?

Can't ASA block it while the session is in progress?
3 Replies

syslog is UDP and has an entry in conn,

you configured the policy after the conn already had an entry,
so it will bypass the policy.
The only chance it will go through the policy is deletion from conn, and this happens if you delete it manually or, as you mention, reboot the device that initiates the syslog, so that the entry times out and is deleted from the conn table.

If so, is it that syslog still communicates even if a UDP blocking policy is put in place while the session is established?

Yes, if you configure the policy after the session is established then ASA will bypass the policy, and the only way is to clear the conn entry manually in ASA.
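As an added illustration of the point made in the replies (example code, not from the thread or from Cisco): a toy model of a stateful firewall whose fast path consults the connection table before the access policy, so a deny rule configured after the UDP syslog flow already has an entry is bypassed, and its hit count stays at zero, until the entry is cleared by hand or ages out after the sender goes quiet. The names, the 120 s idle timeout and the packets are assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Added example (not ASA code): a toy stateful firewall whose fast path checks
# the connection table before the access policy. Names, the 120 s idle timeout
# and the packets are constructed for illustration.

Packet = namedtuple("Packet", "src dst proto dport")


@dataclass
class StatefulFirewall:
    idle_timeout: int = 120                         # seconds before an idle entry ages out
    conns: dict = field(default_factory=dict)       # conn key -> time last seen
    deny_rules: set = field(default_factory=set)    # (proto, dport) pairs to deny
    hit_counts: dict = field(default_factory=dict)  # deny rule -> ACL hit count

    def forward(self, pkt, now):
        # Fast path: a live conn entry wins and the ACL is never consulted,
        # which is why the deny rule's hit count stays at zero for this flow.
        if pkt in self.conns and now - self.conns[pkt] < self.idle_timeout:
            self.conns[pkt] = now
            return "allowed (existing conn)"
        self.conns.pop(pkt, None)                   # drop an aged-out entry
        # Slow path: only the first packet of a new flow meets the policy.
        rule = (pkt.proto, pkt.dport)
        if rule in self.deny_rules:
            self.hit_counts[rule] = self.hit_counts.get(rule, 0) + 1
            return "denied"
        self.conns[pkt] = now
        return "allowed (new conn)"

    def clear_conn(self):
        """Operator clears the conn table; the next packet meets the policy."""
        self.conns.clear()


def run_scenario():
    """Replay the thread: deny policy added after the UDP syslog flow exists."""
    fw = StatefulFirewall()
    syslog = Packet("fwsm", "syslog-server", "udp", 514)
    log = [fw.forward(syslog, now=0)]               # flow starts, entry created
    fw.deny_rules.add(("udp", 514))                 # deny configured afterwards
    log.append(fw.forward(syslog, now=10))          # still allowed, hit count 0
    fw.clear_conn()                                 # manual clear ...
    log.append(fw.forward(syslog, now=11))          # ... deny rule now hits
    fw.deny_rules.discard(("udp", 514))
    log.append(fw.forward(syslog, now=12))          # flow re-established
    fw.deny_rules.add(("udp", 514))
    log.append(fw.forward(syslog, now=20))          # bypassed again
    log.append(fw.forward(syslog, now=20 + 300))    # sender silent (reboot): aged out
    return log, fw.hit_counts[("udp", 514)]
```

Running `run_scenario()` shows the two denials happening only after the manual clear and after the idle timeout; every packet in between rides the existing conn entry past the policy.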
