20 Comments

  1. dcrichter
    May 25, 2019 @ 2:16 pm

    Thanks for the fast and relevant post on this!

    Reply

    • lammle
      May 25, 2019 @ 2:23 pm

      You’re welcome! This is my everyday pretty much now!! LOL
      This one was pretty easy…
      Appreciate the post!

      Reply

      • Sally
        May 28, 2019 @ 10:37 am

        Todd, I have a client reporting this issue but the listed SIDs are not present on the SRU update for 5/24/19.

        Reply

        • lammle
          May 28, 2019 @ 10:44 am

          yes, cisco sent out a new update that deletes them….they did this late Saturday afternoon I think. They probably just have to redeploy
          let me know!

          Reply

  2. Michael Davis
    May 25, 2019 @ 2:51 pm

    Snort/Talos Rule update 2019-05-24 looks to be the problem. If you download 2019-05-25 (just released) it looks like it resolves the issue.

    For Firepower — Updates / Rule Updates / One-Time Rule Update / Download Now / Import — Then deploy policies to sensors and you should be good.

    Reply

    • lammle
      May 25, 2019 @ 3:02 pm

      Thanks Michael, yes I am sure they’d put out an update for this…thanks for the helpful post!!

      Reply

  3. fgeer
    May 25, 2019 @ 3:31 pm

    You saved my day.

    Reply

    • lammle
      May 25, 2019 @ 3:32 pm

      That’s great to hear! Thanks for posting!

      Reply

  4. Alex
    May 25, 2019 @ 4:43 pm

    Michael, thanks for the post.
    How do I open the IPS policy on Windows 10 Pro? is this “Local Security Policy” application?
    this has a wizard to create new IP security policy, but the note there says: The default response rule is supported only on computers that are running Windows 2003 and Windows XP.
    Appreciate your response.

    Reply

    • lammle
      May 25, 2019 @ 4:46 pm

      Alex, this isn’t a Windows problem. this is a Cisco ASA and/or Firepower problem, and the issue can be fixed in the Firepower management center as described in my post here. Hope this helps

      Reply

  5. KB Lim
    May 25, 2019 @ 10:58 pm

    Thanks for the information!

    Reply

    • lammle
      May 26, 2019 @ 9:10 am

      You’re welcome!

      Reply

  6. novonyx
    May 26, 2019 @ 10:58 am

    Thanks! You saved my day!

    Reply

    • lammle
      May 26, 2019 @ 11:20 am

      Great! Glad it helped!

      Reply

  7. michel
    May 27, 2019 @ 8:48 am

    where is Cisco’s official KB on this ?

    Reply

  8. John
    May 27, 2019 @ 3:05 pm

    Awesome.
    Maybe “sort” in title should be “snort”

    Reply

    • lammle
      May 27, 2019 @ 4:31 pm

      yea, read that 20 times and didn’t see that!

      Reply

  9. Matt
    May 28, 2019 @ 10:52 am

    Is there a way to view these disabled policies? I disabled them (thank you!) and it fixed my problem, but I’d like to locate them again in my rules. I can NOT see there anywhere. Under “My Changes” or “Balanced Security and Connectivity”, etc.

    Reply

    • lammle
      May 28, 2019 @ 10:54 am

      Hi Ryan!
      Cisco sent out a new update that deletes them, so that is probably what happened. They kinda did this silently in the background.
      if you go to the filter bar and type in on elf the SIDs and it doesn’t show up, then it’s been deleted by Cisco’s update

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *