Cisco Bug: CSCvs37416 - Snort pass rule results in intrusion events when inline drops are disabled for the intrusion policy
Jan 23, 2020
- Cisco Firepower Management Center
Known Affected Releases
Symptom: Snort pass rules are accompanied by intrusion events which should not be occurring as pass rules do not generate intrusion events. In this case the customer was applying the pass rules for Qualys scanner.The issue is not specific to the application though. Conditions: When inline drops are disabled for the intrusion policy, which is typically the case as enabling inline drops risks network issues, and the scans from Qualys were run.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases