FTD CLI ACP vs FMC ACP

dcanady55
Level 1

Please help me understand the following scenario.

I have an L7 application block rule in the FMC, yet in the CLI that rule doesn't show a block and has quite a few hits.

Then, if I look at another rule in the FMC that I have set up with a block and compare that CLI output, you can see there is a deny in the statement with a hit count of zero.

Thanks,


Accepted Solution

What you see in the CLI is the LINA access rule. In the first access rule, where you are blocking BitTorrent, the inspection and eventual drop will be done in Snort; therefore LINA needs to permit the traffic so it will be forwarded to Snort.

In the second access rule you are blocking all traffic, and therefore there is no need for the traffic to go to Snort; it will be dropped on LINA.

--
Please remember to select a correct answer and rate helpful posts
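As an added illustration of the point in this answer (example code, not from the post, the thread participants, or Cisco): a small Python check that takes LINA `show access-list` lines (a constructed sample in the ASA-style format as I recall it, not a device capture) plus an assumed mapping of rule-ids to FMC rule names and actions, and reports whether each LINA action is consistent with the FMC intent. An L3/L4 Block should appear as a LINA deny, while an L7 application Block appears as a LINA permit that hands the flow to Snort, which is why its LINA hit count climbs even though Snort drops the traffic.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the style of FTD LINA "show access-list" output (not a real capture).
LINA_OUTPUT = """\
access-list CSM_FW_ACL_ line 10 advanced permit ip any any rule-id 268434433 (hitcnt=1532) 0x1a2b3c4d
access-list CSM_FW_ACL_ line 11 advanced deny ip 10.1.1.0 255.255.255.0 any rule-id 268434434 (hitcnt=0) 0x5e6f7a8b
access-list CSM_FW_ACL_ line 12 advanced deny ip any 10.2.2.0 255.255.255.0 rule-id 268434435 (hitcnt=0) 0x9c0d1e2f
"""

# Assumed FMC-side facts keyed by rule-id: (rule name, FMC action, rule has an L7/application condition).
# The third entry is deliberately inconsistent so the mismatch branch is exercised.
FMC_RULES: Dict[int, Tuple[str, str, bool]] = {
    268434433: ("Block BitTorrent", "Block", True),   # L7 app block: LINA must permit so Snort sees it
    268434434: ("Block Subnet A",   "Block", False),  # plain L3/L4 block: LINA denies directly
    268434435: ("Block Subnet B",   "Allow", False),  # Allow in FMC but deny in LINA: inconsistent
}

LINE_RE = re.compile(r"advanced (?P<action>permit|deny) .*?rule-id (?P<rid>\d+) \(hitcnt=(?P<hits>\d+)\)")


def parse_lina(text: str) -> Dict[int, Tuple[str, int]]:
    """Map rule-id -> (LINA action, hit count) from show access-list lines."""
    rules = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rules[int(m.group("rid"))] = (m.group("action"), int(m.group("hits")))
    return rules


def expected_lina_action(fmc_action: str, has_app_condition: bool) -> str:
    # Only a Block with pure L3/L4 conditions is enforced in LINA (deny).
    # Anything that needs Snort (Allow, or Block with L7 conditions) must be permitted by LINA.
    if fmc_action == "Block" and not has_app_condition:
        return "deny"
    return "permit"


def audit(lina_text: str, fmc_rules: Dict[int, Tuple[str, str, bool]]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) for every FMC rule, explaining the LINA action seen."""
    lina = parse_lina(lina_text)
    report = []
    for rid, (name, fmc_action, has_app) in fmc_rules.items():
        if rid not in lina:
            report.append((name, "missing in LINA"))
            continue
        action, hits = lina[rid]
        want = expected_lina_action(fmc_action, has_app)
        if action != want:
            report.append((name, f"LINA {action}, expected {want}"))
        elif has_app and fmc_action == "Block":
            report.append((name, f"permit in LINA is expected; {hits} hits counted before the Snort drop"))
        else:
            report.append((name, "ok"))
    return report
```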


2 Replies


If the IPs are for the same traffic, then:

The first policy makes the traffic pass the ACP L3/L4 rule and forwards it to Snort for inspection.

The second makes the traffic (the same one) get inspected by the ACP L7 rule in Snort.

MHM
