Cisco Bug: CSCvv58604 - Reset not sent when traffic matches AC-policy configured with block/reset and SSL inspection

Last Modified

Oct 22, 2020

Products (1)

  • Cisco Firepower Management Center Virtual Appliance

Known Affected Releases

6.4.0 6.4.0.9 6.5.0.6 6.6.2 6.7.0 6.8.0

Description (partial)

Symptom:
With an SSL policy enabled, lina does not send a reset even though the Snort verdict is reset.

Within the SSL policy, it does not matter whether the traffic matches a rule with decrypt or do not decrypt; the reset is not sent. The SSL policy had to be removed from the ACP for lina to send the reset.

Conditions:
- FTD version 6.4
- Access control policy action set as "Block with reset"
- SSL policy is enabled.