Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

net flood tcp

There seams to be a problem with the signature Net Flood TCP. The Cisco Intrusion Prevention sensor is installed in promiscuous mode and is at version 5.1(2) S247.0. The signature is enabled for rate 0 and to produce at alert.

signatures 6920 0

status

enabled true

rate: 0 <defaulted>

event-action: produce-alert <defaulted>

My problem is that we do not receive any alert. Is there a logical reason for this and if so what is it?

4 REPLIES
Silver

Re: net flood tcp

This happens probably due to a corrupt image. Try reloading the IPS image from a backup

Community Member

Re: net flood tcp

i think it is a bug in 5.x. TAC are working on a solution right now....

Community Member

Re: net flood tcp

Let me say this again. It?s not a bug with the sensor as the alert is received. The problem is that the vms server does not pull the alert from the sensor database.

Community Member

Re: net flood tcp

for those having the same problem.

quote:

Patch for CSCsg09932 - SecMon does not display any alert for sig6920

rate if it helps

238
Views
0
Helpful
4
Replies
CreatePlease to create content