
system support firewall-engine-debug shows rules being bypassed


It appears this particular firewall is not acknowledging the last rule prior to default action. It's the only firewall in our fleet ignoring that rule. I tested all other firewalls and confirmed they are matching. I made sure the zones are applied to interfaces. Not sure what I am missing. Running 7.0.1 version of FDM/FTD.

53343 -> 443 6 AS=0 ID=1 GR=1-1 Starting with minimum 0, id 0 and SrcZone first with zones -1 -> -1, geo 0(xff 0) -> 0, vlan 0, src sgt: 0, src sgt type: unknown, dst sgt: 0, dst sgt type: unknown, svc 1122, payload 1423, client 1296, misc 0, user 9999997, url, host, no xff
53343 -> 443 6 AS=0 ID=1 GR=1-1 no match rule order 1, 'Permit VPN 1', dst network, GEO, FQDN
53343 -> 443 6 AS=0 ID=1 GR=1-1 no match rule order 2, 'Permit VPN 2', src network, GEO, FQDN
53343 -> 443 6 AS=0 ID=1 GR=1-1 match rule order 3, 'Default Action', action Allow
53343 -> 443 6 AS=0 ID=1 GR=1-1 allow action
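An added example, not from this thread, that parses firewall-engine-debug lines of the shape shown above into a per-flow summary: the zone ids resolved at the start of evaluation, each rule the engine reported as no match together with the fields it listed, and the rule that finally matched. The sample text is the post's output split one event per line; the check treats a zone id of -1 as the sign that the interface did not resolve to a security zone, which is an assumption used to highlight what the reply asks about.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the poster's debug output, one event per line.
SAMPLE = """\
53343 -> 443 6 AS=0 ID=1 GR=1-1 Starting with minimum 0, id 0 and SrcZone first with zones -1 -> -1, geo 0(xff 0) -> 0, vlan 0, src sgt: 0, src sgt type: unknown, dst sgt: 0, dst sgt type: unknown, svc 1122, payload 1423, client 1296, misc 0, user 9999997, url, host, no xff
53343 -> 443 6 AS=0 ID=1 GR=1-1 no match rule order 1, 'Permit VPN 1', dst network, GEO, FQDN
53343 -> 443 6 AS=0 ID=1 GR=1-1 no match rule order 2, 'Permit VPN 2', src network, GEO, FQDN
53343 -> 443 6 AS=0 ID=1 GR=1-1 match rule order 3, 'Default Action', action Allow
53343 -> 443 6 AS=0 ID=1 GR=1-1 allow action
"""

FLOW_RE = re.compile(r"^(\d+) -> (\d+) (\d+) AS=(\d+) ID=(\d+) GR=(\S+) (.*)$")
ZONES_RE = re.compile(r"zones (-?\d+) -> (-?\d+)")
NOMATCH_RE = re.compile(r"^no match rule order (\d+), '([^']*)', (.*)$")
MATCH_RE = re.compile(r"^match rule order (\d+), '([^']*)', action (\w+)")

@dataclass
class FlowTrace:
    src_port: int = 0
    dst_port: int = 0
    proto: int = 0
    src_zone: Optional[int] = None
    dst_zone: Optional[int] = None
    skipped: list = field(default_factory=list)   # (order, name, fields the engine listed)
    matched: Optional[tuple] = None               # (order, name, action)

def parse_trace(text: str) -> FlowTrace:
    t = FlowTrace()
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue                              # not a flow-prefixed event line
        t.src_port, t.dst_port, t.proto = int(m[1]), int(m[2]), int(m[3])
        rest = m[7]
        if z := ZONES_RE.search(rest):            # "Starting with ..." line carries the zone ids
            t.src_zone, t.dst_zone = int(z[1]), int(z[2])
        elif nm := NOMATCH_RE.match(rest):
            t.skipped.append((int(nm[1]), nm[2], [f.strip() for f in nm[3].split(",")]))
        elif mm := MATCH_RE.match(rest):
            t.matched = (int(mm[1]), mm[2], mm[3])
    return t

def findings(t: FlowTrace) -> list:
    out = []
    if t.src_zone == -1 or t.dst_zone == -1:      # assumption: -1 means no zone resolved for the interface
        out.append("zone -1: an interface on this flow did not resolve to a security zone")
    for order, name, fields in t.skipped:
        out.append(f"rule {order} '{name}' no match; engine listed: {', '.join(fields)}")
    if t.matched and t.matched[1] == "Default Action":
        out.append(f"flow fell through to Default Action ({t.matched[2]})")
    return out
```

Run `findings(parse_trace(SAMPLE))` against a trace from a firewall that does match the rule and compare the zone line and the listed no-match fields to see which condition differs.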




Marius Gunnerud
VIP Advisor

Is there an interface associated with the outside_zone for that FTD?

If there is, perhaps there is something in snort that is allowing the traffic. Have a look at system support trace in the CLI.

Please remember to select a correct answer and rate helpful posts