Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
0
Helpful
1
Replies

only one event triggered in cascade multiple context ASA

Go to solution
borutlape
Level 1
Level 1

‎07-18-2018 06:15 AM - edited ‎02-21-2020 07:59 AM

Hi,

 

We have a pair of ASA 5585-X with Firepower ssp-60. They are deployed in multiple context mode, and the contexts are connected in cascade (traffic passes through multiple contexts).

All connections are logged twice in FMC, once on each context that logs the connection.

But when an attack is detected, only one event is generated, on one of the contexts.

So is this a normal/expected behavior or  we have to do some adjustments?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎07-18-2018 10:19 AM

Hi There,

 

its expected behavior. Firepower module is not fully aware of the context on ASA so traffic might travel through the module more than once which will be logged more than once.

But for the intrusion events, it will be only one event for  duplicate traffic which will logged only once for intrusion event.

 

Hope it helps,

Yogesh

View solution in original post

0 Helpful
1 Reply 1

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎07-18-2018 10:19 AM

Hi There,

 

its expected behavior. Firepower module is not fully aware of the context on ASA so traffic might travel through the module more than once which will be logged more than once.

But for the intrusion events, it will be only one event for  duplicate traffic which will logged only once for intrusion event.

 

Hope it helps,

Yogesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card