A workaround was to place a Prefilter; this way it doesn't reach Snort, and traffic will pass. I was affected by this with AnyConnect full tunnel (no split tunnel). Users were not able to use the internet. After the pre-filter everything worked as expecte...
Has anyone been successful in replicating imported certificates from active to standby without using write standby? I had this situation with 9.5.2, but based on the bug CSCsr71150 this was fixed in 9.4.
This workaround is no longer needed.
Firepower Management Center 6.2.2.2 Patch or 6.2.3 will fix this problem, but if you are unable to apply the patch or upgrade, then the workaround is a good way to go.
Since your net3 and net2 are on the same network, the router or ASA won't allow the same network on multiple interfaces with basic configuration.
With VRF on the router you can arrange your setup with the topology below, buuuuut
Router 10.10.10.0/24
Rou...
If you are using static NAT for the server you could use DNS doctoring and move the traffic internally without the traffic leaving to the internet.
Phaneath,
!
class sfr
sfr fail-close
!
This is the normal behavior for sfr fail-close: when the module becomes unresponsive, probably because of a rule upgrade, the traffic will be blocked. If possible I would select fail-open and let you aler...
Easy: log on to the web portal. If auto login happens, make sure you click log off. After that you will need to log in with the captcha, then you will be able to log in as normal.