Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
177
Views
0
Helpful
5
Replies

FTD Passive Interface problem (Span port)

Go to solution
stephen-hardiman
Level 1
Level 1

‎04-30-2024 08:22 AM - edited ‎04-30-2024 08:25 AM

FTD 1140
interface configured as "passive",
access rule "passive" (configured per FTD configuration guide to set hardware interface passive)
Connected to SPAN port  (span port verified functional from laptop)


From the firewall perspective, it appears that no traffic is reaching the interface, logging etc is enabled. No hit counts on the access rule. 

anyone seen this ? odd that I am having issues with such a minor config... might be missing something / sw bug

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
stephen-hardiman
Level 1
Level 1

‎04-30-2024 10:21 AM

The FTD interface i was trying to use did not release the IP assigned when it was L3  -  Remains showing as a "passive interface" in the GUI - but CLI shows the interface is not passive, still set to L3

possibly a bug.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
stephen-hardiman
Level 1
Level 1
In response to balaji.bandi

‎04-30-2024 08:56 AM

Yes, i configured the firewall per the guide -  

Configure a Physical Interface in Passive Mode



What to do next

Creating a passive interface is not sufficient for populating the dashboards with information about the traffic seen on the interface. You must also do the following. The use case covers these steps. See How to Passively Monitor the Traffic on a Network.

  • Create a passive security zone and add the interface to it. See Configuring Security Zones.

  • Create access control rules that use the passive security zone as the source zone. Typically, you would apply intrusion policies in these rules to implement IDS (intrusion detection system) monitoring. See Configuring the Access Control Policy.

  •  
0 Helpful

Go to solution
stephen-hardiman
Level 1
Level 1

‎04-30-2024 10:21 AM

The FTD interface i was trying to use did not release the IP assigned when it was L3  -  Remains showing as a "passive interface" in the GUI - but CLI shows the interface is not passive, still set to L3

possibly a bug.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to stephen-hardiman

‎04-30-2024 10:54 AM

glad all good, by the what version of code running on the device ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
stephen-hardiman
Level 1
Level 1
In response to balaji.bandi

‎04-30-2024 11:24 AM

7.2.5 (Build 208)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card