
ZBF Drops Source Port 0 Destination Port 3

Hi,

My ZBF configuration is showing a lot of drops:

114110: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114111: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114112: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114113: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114114: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114115: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114116: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114117: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114118: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114119: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114120: May  2 12:49:43.559 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114121: May  2 12:50:43.560 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114122: May  2 12:50:43.560 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114123: May  2 12:50:43.560 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114124: May  2 12:50:43.560 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)
114125: May  2 12:50:43.560 CET: %FW-6-LOG_SUMMARY: 1 packet were dropped from PUBLIC_IP:0 => PRIVATE_IP:3 (target:class)-(OUTSIDE_INSIDE_ZP:class-default)

I'm not really sure if this is a problem, since no one is complaining of dropped sessions. But I think the port numbers are really odd... Does anyone have any idea what traffic goes from source port 0 to destination port 3? Traffic is also being PATed on this router. The OUTSIDE interface is also "ip nat outside", and the INSIDE interface is also "ip nat inside".

Thanks!

1 REPLY
Cisco Employee

Re: ZBF Drops Source Port 0 Destination Port 3

There is an enhancement bug that has been filed to provide more information in the ZBFW logs, in particular the logs that you have been seeing.

Here is the bug ID for your reference: CSCsr41215

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsr41215
