Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
972
Views
0
Helpful
1
Replies

5506X Files - SFR not in monitor mode but behaving that way

mekozloski
Level 1
Level 1

‎08-02-2015 06:02 AM

5506-X here - polices were working fine, then stopped.  I see in the real-time log viewer the SFR module is working - I see "SFR requested to drop TCP..." but the ASA is ignoring that and allowing the traffic.  Tried the usual reboots, etc.

I have a single service rule policy for any traffic and the rule action is enable firepower, close traffic if sfr fails, and enable monitor only is NOT enabled.

It's behaving like we are in monitoring only mode but for file monitoring only...  Nothing is being blocked despite the SFR module tagging packets to drop.  Other policies to drop traffic do seem to work.  Only real change was the upgrade to the 5.4.1.2-23 build of the Cisco sensor.

Labels:
0 Helpful
1 Reply 1

keglass
Level 7
Level 7

‎08-03-2015 10:32 AM

Matthew,

I recommend you also post this to the Cisco Support Community for additional feedback and information.

Cisco Support Community

Thank you for participating in the community. I hope this helps.

Kelli Glass

Moderator for Cisco Customer Communities

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card