18 Comments

  1. evan
    June 27, 2018 @ 4:47 pm

    Job well done. Great dedication and a good result.

    • lammle
      June 30, 2018 @ 5:44 pm

      Thank you!

  2. Shavat Zalpuri
    September 22, 2018 @ 2:58 am

    Hi sir,

    I have a query: in our environment we have implemented Firepower, and after the implementation we got an issue that bulk FTP is not working.

    After passing the traffic through the pre-filter policy as fast-path, bulk FTP started.

    As per the article, if we do fast-path, the packet will avoid the snort engine, so do you suspect that there is some issue with our snort engine?

    Bug or some other thing.

    • lammle
      September 22, 2018 @ 6:06 am

      No, I don’t think that you have something wrong with the snort engine; you have something wrong in your Access Control Policy that’s blocking it. Email me a pic of your ACP rules and I’ll take a look: todd@lammle.com

  3. Mahesh
    May 30, 2019 @ 11:26 am

    This is an issue with FTD handling FTP (Active vs. Passive).

    • lammle
      May 30, 2019 @ 11:31 am

      True, but you can fast-path FTP to solve the issue.

  4. Vijay
    June 14, 2019 @ 2:00 am

    I want to know where the “Network Analysis” policy comes in the packet flow.

    • lammle
      June 14, 2019 @ 9:41 am

      Two places, at the beginning and end of the LINA process, and at every policy listed in the diagram for the SNORT process.

  5. Prakash Zalaki
    July 29, 2019 @ 1:40 am

    If SNORT has crashed, can we bypass the SNORT process?

    • Todd Lammle
      July 29, 2019 @ 8:47 am

      Go to Devices>Device> and enable the Automatic Application Bypass option, which bypasses snort when it crashes. This should be enabled by default, but it is not.

  6. Mario
    July 29, 2019 @ 10:29 am

    If FMC is down for any reason, will any of these features be affected? If so, which ones? Will IPS work?

    • Todd Lammle
      July 29, 2019 @ 10:32 am

      The FMC pushes policy and provides network analysis, so you only lose AD integration and AMP if the FMC goes down.

  7. Archchunah
    August 14, 2019 @ 2:05 pm

    What is the purpose of the Routing and NAT checks before and after the Snort check?

    • Todd Lammle
      August 14, 2019 @ 2:08 pm

      That is the Lina process where NAT and VPN encryption/decryption happens, so that is the Ingress and Egress ASA code.

      • Archchunah
        August 14, 2019 @ 2:36 pm

        1. Let’s consider NAT, which has two options:
        a. Source NAT
        b. Destination NAT
        2. Let’s consider Route, which has two options:
        c. Policy Route
        d. Static Route
        3. Now there are two places where NAT and Routes are being checked:
        1. Before Snort
        2. After Snort
        May I know the order in which the packet flows?
        Is it,
        1 (b,c,d)
        then,
        2 (a,c,d)

        • Todd Lammle
          August 14, 2019 @ 5:55 pm

          SNORT has nothing to do with any of that, and only sends a snort verdict to the egress interface. What you’re asking is done 100% the same as it was with ASA code, as it is ASA code; no differences in this.

    • Archchunah
      August 14, 2019 @ 2:12 pm

      I mean, why do we have two different places where the Lina engine is checking for NAT and Route?
      Also, I would appreciate it if you could explain which would be checked first: Route or NAT?
