07-18-2018 06:15 AM - edited 02-21-2020 07:59 AM
Hi,
We have a pair of ASA 5585-X with Firepower ssp-60. They are deployed in multiple context mode, and the contexts are connected in cascade (traffic passes through multiple contexts).
All connections are logged twice in FMC, once on each context that logs the connection.
But when an attack is detected, only one event is generated, on one of the contexts.
So is this a normal/expected behavior or we have to do some adjustments?
Solved! Go to Solution.
07-18-2018 10:19 AM
Hi There,
its expected behavior. Firepower module is not fully aware of the context on ASA so traffic might travel through the module more than once which will be logged more than once.
But for the intrusion events, it will be only one event for duplicate traffic which will logged only once for intrusion event.
Hope it helps,
Yogesh
07-18-2018 10:19 AM
Hi There,
its expected behavior. Firepower module is not fully aware of the context on ASA so traffic might travel through the module more than once which will be logged more than once.
But for the intrusion events, it will be only one event for duplicate traffic which will logged only once for intrusion event.
Hope it helps,
Yogesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide