Inside this Rule update, the following SIDs in question for the RDP issue have been removed for now until the rules can be re-tuned.
Workaround by Updating SRU
To install the new SRU, please go to your Management Center or Management GUI of your device and go to the updates page itself.
Once you are on the updates page, you can install this by using the following option:
Step 1: On the Rule section of the update page, please select Download new Rule from the support site or manually update the rule package.
Warning: If you select to Reapply all polices after the rule update, please note that this will cause a Snort Restart for your environment during the deploy which can cause a short outage due to the Inspection process restarting.
Step 2: Once the update is complete, you can verify that it is currently running by checking the Version on the top left corner.
Step 3: If you did not decide to deploy when the download was completed, you will have to deploy this change out to devices.
Please note that upon deploy this will cause a snort restart similar to all other upgrades for the changing of the rules themselves.
Workaround without Updating by Disabling the SIDs
Currently, the best recommendation if you are affected is to disable the SID's themselves until the rules are released with the upcoming update.
Step 1: Verify your IPS Policy Configured
In your Access Control Policy, you can see your IPS policies configured by following the yellow Shield Icon representing the protection.
In some environments, you will see a section stated as "Intrusion Policy used before Access Control rule is determined" - This policy will also need to be edited if it is any other field than "No Rule Active"
Warning: If you are using the Default Policies labeled Maximum Detection, Connectivity Over Security, Balanced Security and Connectivity, and Security Over Connectivity, you will need to create a new IPS policy based upon these for editing individual rule criteria.
We just purchased an additional 200 AnyConnect Plus licenses to go with the previous 25 we had before. I went into our Smart Account and converted the PAK to a SmartLicense, and the refreshed the Smart License in the FMC. However, I just can't figure out ...
I have discovered an issue I'm hoping someone can help me with. We are using an asa 5516X as a VPN headend for RA. All the RA traffic goes from the inside interface of the ASA to an FTD 2130. We ran some speed tests and found that when the traffic goes th...
Hello, There is a requirement in my environment to integrate all devices to Symantec endpoint protection.. the fmc is a viritual fmc on a VM.. is it possible to integrate fmc with Symantec ? Does fmc support this integration ? Thanks.