Guest

Preview Tool

Cisco Bug: CSCvs37416 - Snort pass rule results in intrusion events when inline drops are disabled for the intrusion policy

Last Modified

Jan 23, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

2.9.14.10

Description (partial)

Symptom:
Snort pass rules are accompanied by intrusion events which should not be occurring as pass rules do not generate intrusion events. In this case the customer was applying the pass rules for Qualys scanner.The issue is not specific to the application though.

Conditions:
When inline drops are disabled for the intrusion policy, which is typically the case as enabling inline drops risks network issues, and the scans from Qualys were run.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.