cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
480
Views
0
Helpful
4
Replies

Question on syslog message %FTD-6-302013 after transition from ASA

spfister336
Beginner
Beginner

We are analyzing the logs from all of our devices. Recently, a question came up on the %FTD-6-302013 message. It appears to be only happening on outbound connections from the inside network to the outside. We never see messages like that for connections inbound into the inside network. There really isn't much of anything allowed to make new connections from the outside into our network. Does this message not get generated for blocked connections?

4 Replies 4

balaji.bandi
VIP Guru VIP Guru
VIP Guru

until we see you ACP rule we are not sure how that error related to

 

check the more explanation of Logs

https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs3.html#con_4770603

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Any particular rule that you need to see?

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

Blocked connections are only connection attempts. If the tcp SYN packet is blocked then no %FTD-6-302013 message is generated.

Thanks for the responses. I think the question I am being asked and I'm trying to research is this:

 

It looks like for an outbound connection the syslog message is written to the log as a connection inbound into the inside interface. Is there any way to get it to be logged as an outbound connection through the outside interface? I think the log analyzer may be getting confused by what is an outbound connection from our network, and there is an 'inbound' keyword in the message.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers