Packet drops on Firepower inline-set Interface | 4150 IPS

Cloud2
Level 1

Packet drops on Firepower inline-set Interface..

We have a setup with 2 JUNOS Active/Passive firewalls connected to a Cisco VSS switch.

We placed the 4150 IPS in between with 2 inline sets, an ACL policy of allow all, "Drop when Inline" unchecked, and the malware policy enabled.

However, when we placed the IPS inline, we could see traffic being processed but with huge packet loss on the interfaces.

Also, for the interfaces in one of the inline sets, we could see ingress traffic but no egress on one interface, and vice versa on the other interface in the same inline set.

Please advise if anyone has faced such behavior.

Interface Ethernet2/1 "MBI_Trust_Inside", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Hardware bypass is supported with interface Ethernet2/2
MAC address 10b3.d635.a24c, MTU 9000
IPS Interface-Mode: inline, Inline-Set: Active-Inline-Set
IP address unassigned
Traffic Statistics for "MBI_Trust_Inside":
3837280 packets input, 4163324785 bytes
0 packets output, 0 bytes
91048 packets dropped
1 minute input rate 3887 pkts/sec, 4199680 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 102 pkts/sec
5 minute input rate 4178 pkts/sec, 4485066 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 102 pkts/sec
Control Point Interface States:
Interface number is 15
Interface config status is active
Interface state is active

Interface Ethernet2/2 "MBI_Trust_Outside", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Hardware bypass is supported with interface Ethernet2/1
MAC address 10b3.d635.a23c, MTU 9000
IPS Interface-Mode: inline, Inline-Set: Active-Inline-Set
IP address unassigned
Traffic Statistics for "MBI_Trust_Outside":
0 packets input, 0 bytes
7190569 packets output, 7911993166 bytes
5 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 3804 pkts/sec, 4204844 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 4097 pkts/sec, 4490680 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 16
Interface config status is active
Interface state is active

Interface Ethernet2/3 "MBI_Trust_Inside_Passive", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Hardware bypass is supported with interface Ethernet2/4
MAC address 10b3.d635.a22c, MTU 9000
IPS Interface-Mode: inline, Inline-Set: Passive-Inline-Set
IP address unassigned
Traffic Statistics for "MBI_Trust_Inside_Passive":
94517359 packets input, 100321378170 bytes
87007187 packets output, 87318613769 bytes
200184 packets dropped
1 minute input rate 68701 pkts/sec, 75668294 bytes/sec
1 minute output rate 64723 pkts/sec, 69515708 bytes/sec
1 minute drop rate, 102 pkts/sec
5 minute input rate 71497 pkts/sec, 77957402 bytes/sec
5 minute output rate 67854 pkts/sec, 72222949 bytes/sec
5 minute drop rate, 102 pkts/sec
Control Point Interface States:
Interface number is 17
Interface config status is active
Interface state is active

Interface Ethernet2/4 "MBI_Trust_Outside_Passive", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Hardware bypass is supported with interface Ethernet2/3
MAC address 10b3.d635.a21e, MTU 9000
IPS Interface-Mode: inline, Inline-Set: Passive-Inline-Set
IP address unassigned
Traffic Statistics for "MBI_Trust_Outside_Passive":
90699466 packets input, 90577012209 bytes
100811819 packets output, 107013326928 bytes
99 packets dropped
1 minute input rate 64704 pkts/sec, 69505564 bytes/sec
1 minute output rate 68636 pkts/sec, 75682573 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 67833 pkts/sec, 72212412 bytes/sec
5 minute output rate 71436 pkts/sec, 77973000 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 18
Interface config status is active
Interface state is active
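
Added example (not part of the original post, and not Cisco tooling): a small Python parser for interface output in the format pasted above. It reports drops as a percentage of input packets per interface and flags any inline set in which a member shows traffic in only one direction. The function names are assumptions made for illustration; the sample is trimmed from the counters in the post.

```python
import re

# Sample input: two interface blocks trimmed from the output in the post.
SAMPLE = """\
Interface Ethernet2/1 "MBI_Trust_Inside", is up, line protocol is up
IPS Interface-Mode: inline, Inline-Set: Active-Inline-Set
3837280 packets input, 4163324785 bytes
0 packets output, 0 bytes
91048 packets dropped
Interface Ethernet2/2 "MBI_Trust_Outside", is up, line protocol is up
IPS Interface-Mode: inline, Inline-Set: Active-Inline-Set
0 packets input, 0 bytes
7190569 packets output, 7911993166 bytes
5 packets dropped
"""

FIELDS = {
    "inline_set": re.compile(r"Inline-Set: (\S+)"),
    "rx": re.compile(r"^\s*(\d+) packets input", re.M),
    "tx": re.compile(r"^\s*(\d+) packets output", re.M),
    "dropped": re.compile(r"^\s*(\d+) packets dropped", re.M),
}

def parse_interfaces(text):
    """Split the text into per-interface dicts keyed by hardware name."""
    out = {}
    # A block starts at 'Interface <hw> "<nameif>"'; lines such as
    # 'Interface number is 15' do not match because no quote follows.
    for block in re.split(r'(?m)^(?=Interface \S+ ")', text):
        head = re.match(r'Interface (\S+) "([^"]+)"', block)
        if not head:
            continue
        rec = {"nameif": head.group(2)}
        for key, pattern in FIELDS.items():
            m = pattern.search(block)
            rec[key] = (m.group(1) if key == "inline_set" else int(m.group(1))) if m else None
        out[head.group(1)] = rec
    return out

def summarize(ifaces):
    """Per inline set: drop % of input per member, and a one-way traffic flag."""
    sets = {}
    for name, r in ifaces.items():
        s = sets.setdefault(r["inline_set"], {"members": {}, "one_way": False})
        s["members"][name] = round(100.0 * (r["dropped"] or 0) / r["rx"], 2) if r["rx"] else 0.0
        if r["rx"] == 0 or r["tx"] == 0:
            s["one_way"] = True
    return sets

if __name__ == "__main__":
    print(summarize(parse_interfaces(SAMPLE)))
```
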
