I have the asa-ssm-20 in my asa. i have it running with policy maps for inline. I can do deny packet and deny connection etc for icmp/reply it works fine for my testing. but i can't get it to stop the connections. I know the manual says "Connection blocks are not supported on security appliances. Security appliances only support host blocks with additional connection information." Then why is it give you the option with inline. Also the deny attacker inline doesn't work with it either.
"Deny connection inline" should work with P2P traffic, in this case the "attacker" is the client on your network, a user, so be careful not to use "deny attacker inline" as it will also start blocking legit traffic. My recommendation is to test from a test PC and use the various inline blocking on simple "non atomic" stateful traffic to see if the blocking works. If it does, the P2P traffic could just be tunneling through http. Certain P2P/IM traffic uses various ports for various things such as "sign in", "chat", "video", etc, and have sub-sigs under the parent sig, be sure to select all the sigs for a particular parent sig.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...