Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
946
Views
0
Helpful
1
Replies

Threat-Detection Feature Blocking Traffic

latenaite2011
Level 4
Level 4

‎03-18-2018 03:04 PM - edited ‎02-21-2020 07:31 AM

How can I prevent the threat-detection from blocking assess to an IP?

 

I have disabled the basic threat-detection and have included that IP in the exception list.  I rebooted the ASA to make sure that there everything is released from memory but when, when I issue the "show threat-detection statistics | inc <IP Address>, it still show sup with an total session and active session.

 

I believe this is preventing us from accessing the IP, which is ok to access.

 

Thank you in advance,

LN

Labels:
0 Helpful
1 Reply 1

Bogdan Nita
VIP Alumni
VIP Alumni

‎03-22-2018 03:30 AM

Total sessions and active sessions in threat-detection statistics do not indicate traffic drops. Dropped sessions should show up in fw-drop, insp-drop, null-ses and bad-acc, depending on the reason the session has been dropped.

In this sort of situations it is helpful doing a packet capture on the incoming and outgoing interface and compare the 2 and see if the ASA is actually dropping traffic.

You could also do a asp-drop capture for the specific IPs and see if the packets are dropped and why.

 

HTH

Bogdan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card