Cisco Bug: CSCvv58604 - Reset not sent when traffic matches AC-policy configured with block/reset and SSL inspection
Oct 22, 2020
- Cisco Firepower Management Center Virtual Appliance
Known Affected Releases
6.4.0 188.8.131.52 184.108.40.206 6.6.2 6.7.0 6.8.0
Symptom: With an SSL policy enabled, lina does not send a reset even though the snort verdict is reset. It does not matter whether the traffic matches an SSL rule with decrypt or do not decrypt; the reset is not sent. The SSL policy had to be removed from the ACP for lina to send the reset.
Conditions:
- FTD version 6.4
- Access control policy action set to "Block with reset"
- SSL policy is enabled