Community Member

Sig 4055 FPs on ISAKMP traffic...

Sig 4055 (BO2K UDP) is firing on udp/4500 ISAKMP traffic...

2 REPLIES
Cisco Employee

Re: Sig 4055 FPs on ISAKMP traffic...

Jeff,

Encrypted traffic causing the BO2K signatures (Stealth and others) is a known benign trigger. The MySDN entry is vague, talking about highly compressed data and VPN, but what it's ultimately saying is that encrypted traffic, or traffic that looks to be encrypted (high entropy), is a known false positive. It is a side effect of the way the signature works... it won't be 100% repeatable (if your crypto is good), but there will be a small % of FP hits.

Community Member

Re: Sig 4055 FPs on ISAKMP traffic...

Any way to exclude udp/500 and udp/4500?
