Cisco Bug: CSCvu52879 - show conn output must flag "trusted" flows
Jun 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: An FTD running ACP rules that contain "Trust" as the action will not show a connection flag for those flows in the "show conn" output on LINA. The connection is accounted as one inspected by SNORT, whereas after the flow is whitelisted, LINA processes the flow. In a scenario where dynamic flow offload is enabled, the data flow is offloaded to CRUZ, and the offload flag "o" on the connection distinguishes this flow. When dynamic flow offload is disabled, the connection simply has "N1" as its flag, and this may lead to incorrect accounting of the load on SNORT.

Conditions: FTD with "Trust" action configured for ACP rules.