Showing ID numbers instead of policy name in Cisco FTD firewall

Guys, please help me.

Why is it showing ID numbers instead of the policy name in the Cisco FTD firewall access policy? Also, this policy does not get hit when accessing falcon.crowdstrike.com from a client PC.

Please check the results below:

system support firewall-engine-debug

n, dst sgt: 0, dst sgt type: unknown, svc -1, payload -1, client -1, misc -1, user 9999999
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 2, 'Block_URL', app s=-1 c=-1 p=-1 m=-1
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 5, 'Blocked MOI IN to OUT', dst network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 9, 'Block-CCTV-To-Internet & KIN', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 12, id 268437637 no host
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 13, 'Servers to CrowdStrike', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 14, 'Servers to CarbonBlack', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 15, 'Servers to SecureWorks', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 16, 'Servers to Windows Update', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 17, 'Servers Without Internet', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 18, 'Block-B1-Archive-PCs-Internet', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 19, 'Block NOC PC Internet', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 20, 'Block-NEW-DMZs-Communication', SrcZone
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 21, 'Block 192.168.20.5 Internet', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 match rule order 22, 'New_Dmz_to _Outside_No Internet', action Block
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 Got end of flow event from hardware with flags 00006001
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 Rule Match Data: rule_id 0, rule_action 0 rev_id 0, rule_flags 0
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 Received EOF, deleting the snort session
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 Deleting Firewall session

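The trace above is the kind of output a practitioner ends up scripting against when a rule shows up by id only. The parser below is an added example; it is not part of the original post and not Cisco tooling. It takes a handful of lines copied from the trace above as its constructed sample input, lists each rule evaluation in policy order, reports the rule that decided the flow and its action, flags rules the engine printed by numeric id rather than by name so they can be looked up in the FMC access control policy by that id, and returns the text the engine printed for a named rule that was expected to match (here 'Servers to CrowdStrike'). The regex assumes the line layout shown in the post; how to read the comma-separated field list after a non-matching rule is for the reader to confirm against their own output.

```python
"""Parse Cisco FTD `system support firewall-engine-debug` rule-evaluation lines.

Added example, not Cisco tooling. The regex assumes the line layout seen in the
post above; anything that does not fit it (session bookkeeping, truncated lines)
is skipped.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: four lines copied from the trace in the post above,
# plus one bookkeeping line, so the script runs offline.
SAMPLE_TRACE = """\
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 2, 'Block_URL', app s=-1 c=-1 p=-1 m=-1
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 12, id 268437637 no host
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 no match rule order 13, 'Servers to CrowdStrike', src network, GEO, FQDN
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 match rule order 22, 'New_Dmz_to _Outside_No Internet', action Block
192.168.176.11 443 -> 13.52.93.220 443 6 AS=0 ID=10 GR=1-1 Got end of flow event from hardware with flags 00006001
"""

_RULE_RE = re.compile(
    r"^(?P<src>\S+) (?P<sport>\d+) -> (?P<dst>\S+) (?P<dport>\d+) (?P<proto>\d+) "
    r"AS=\d+ ID=\d+ GR=\S+ "
    r"(?P<verdict>no match|match) rule order (?P<order>\d+), "
    r"(?:'(?P<name>[^']*)'|id (?P<rule_id>\d+))"   # quoted name, or a bare numeric id
    r"(?P<detail>.*)$"
)


@dataclass
class RuleEval:
    order: int              # position of the rule within the access control policy
    name: Optional[str]     # rule name as printed, or None when only an id was printed
    rule_id: Optional[int]  # numeric id when no name was printed
    matched: bool
    detail: str             # text after the rule: condition list, "no host", or "action ..."


def parse_trace(text: str) -> List[RuleEval]:
    """Extract every rule-evaluation line, in the order the engine walked the policy."""
    evals: List[RuleEval] = []
    for line in text.splitlines():
        m = _RULE_RE.match(line.strip())
        if not m:
            continue  # not a rule-evaluation line
        evals.append(RuleEval(
            order=int(m.group("order")),
            name=m.group("name"),
            rule_id=int(m.group("rule_id")) if m.group("rule_id") else None,
            matched=m.group("verdict") == "match",
            detail=m.group("detail").strip(" ,"),
        ))
    return evals


def final_verdict(evals: List[RuleEval]) -> Optional[Tuple[int, str, str]]:
    """(order, label, action) of the first matching rule, i.e. the one that decided the flow."""
    for e in evals:
        if e.matched:
            label = e.name if e.name is not None else f"id {e.rule_id}"
            action = e.detail[len("action "):] if e.detail.startswith("action ") else e.detail
            return e.order, label, action
    return None


def unnamed_rules(evals: List[RuleEval]) -> List[RuleEval]:
    """Rules the engine printed by numeric id only; look these up in the FMC policy by that id."""
    return [e for e in evals if e.name is None]


def mismatch_detail(evals: List[RuleEval], rule_name: str) -> Optional[str]:
    """Text the engine printed for a named rule that did not match; None if it was never evaluated."""
    for e in evals:
        if e.name == rule_name and not e.matched:
            return e.detail
    return None


if __name__ == "__main__":
    evals = parse_trace(SAMPLE_TRACE)
    for e in evals:
        label = e.name if e.name is not None else f"id {e.rule_id}"
        print(f"order {e.order:>3}  {'MATCH' if e.matched else 'no match':<8}  {label!r}: {e.detail}")
    print("decided by:", final_verdict(evals))
    print("id-only rules:", [(e.order, e.rule_id, e.detail) for e in unnamed_rules(evals)])
    print("'Servers to CrowdStrike':", mismatch_detail(evals, "Servers to CrowdStrike"))
```

Feed it the full capture from the CLI instead of `SAMPLE_TRACE` and the id-only list gives you exactly which rule ids to look up in the FMC policy, while `mismatch_detail` tells you which rule you expected to hit and what the engine printed against it.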
Accepted Solution

In Cisco FTD firewall access policies, ID numbers are shown instead of policy names because the firewall uses these IDs to internally identify and track policies and their configurations. Every access policy configured in Cisco FTD is assigned a unique ID number, which is then used for referencing and managing policies within the firewall.

For example, when you configure an access policy, the firewall assigns an ID number. This ID can be used to reference the policy in various commands and configurations. So when you view the access policy, either through the Command Line Interface (CLI) or the graphical user interface, you will see the ID number associated with the policy, not its name.

This use of ID numbers instead of policy names allows for more efficient management of access policies within the firewall. It ensures that each policy can be uniquely identified, eliminating any ambiguity or confusion that might arise from using policy names.

Thus, seeing ID numbers instead of policy names in Cisco FTD firewall access policies is a standard behaviour and does not indicate any issues or problems with the firewall.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members.
