Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cache Engine Triggering sign 3030 on ASA IPS


The Cache Engine 566 is triggering tens of thousands hits with signature 3030. We have many other hosts on the campus hitting this signature but the CE566 was by far the biggest offender. My question is to verify if the Cache Engine 566 needs to perform these TCP syn sweeps on a constant basis as part of it's maintaining the cache engine? On the CE566 we were receiving 12000 miss and about 1500 hits per minute with a savings over the last 60 day of 18%. While trying to tune the IPS, we tuned 3030 to deny the packet inline. After making the change to 3030, we see that out misses on the CE566 are down to around 1200 with 300 hits. We than reset the statistics to get a more accurate count, but now there are no hits/misses. We are still receiving tcp requests. Is the tcp syn sweep necessary for the CE566? TIA. Hopefully this makes more sense.


CreatePlease to create content