Are your Cisco Firepower FTD devices running Snort 2 or Snort 3?
This short video shows you how to enable Snort 3 on your FTD devices, or how to disable Snort 3 and run only Snort 2. It will also help you determine which version your FTD devices are running.
There is a LOT to Snort 3, and I’ll have more videos on this at lammle.com, as well as on multiple other features, so stay tuned! Be sure to attend my new Live Online Firepower 7.0 class, now available!
We went to Snort3 on version 7.2.4.
We are now having odd traffic issues between certain systems. All the Event logs in FMC show good. Nothing dropped. Even ran a live debug trace from the FTD and see the traffic and all says pass. Yet, there are for sure communication issues. If we remove Snort3 inspection from the rule, traffic works just fine.
Have you seen this happen?
No, I haven’t, but it has to be causing issues. It’s possible you are not logging on a rule that is being hit and IPS is dropping traffic.
Hard for me to tell from here. Analysis > Intrusion Events show nothing?
Nothing with regard to this traffic having issues. I see normal stuff there but no Block.
This is happening on an Inline set which is a WAN connection between offices.
TAC is not seeing much either. Not sure what to do besides go back to Snort2 or make a rule with no inspection on the WAN link, which solves the issue. Both not good solutions.
So it's a layer 2 device?
Jonathan, this has really piqued my curiosity. Can you email me? [email protected]