Showing posts from October, 2019

Firepower FTD ACP rule Block action

FTD LINA engine: a global ACL named CSM_FW_ACL_
FTD Snort engine: Access Control (AC) rules in /var/sf/detection_engines/UUID/ngfw.rules

1. Block rule uses an L4 condition (Destination Port TCP 80)

LINA rule:
    access-list CSM_FW_ACL_ remark rule-id 268434433: L4 RULE: Rule1
    access-list CSM_FW_ACL_ advanced deny tcp ifc Inside object 10.10.10.0_24 ifc Outside object Website-203.0.113.1 eq www rule-id 268434433

Snort rule:
    # Start of AC rule.
    268434433 deny 2 10.10.10.0 24 any 1 203.0.113.1 32 80 any 6
    268434432 deny any any any any any any any any
    # End of AC rule.

The behavior is the same as with an ASA rule: the SYN is dropped by the FTD, no packet passes through the FTD, and no connection entry is created in the connection table.

2. Block rule uses an L7 condition (Application HTTP)

LINA rule:
    access-list CSM_FW_ACL_ line 9 remark rule-id 268434433: L7 RULE: Rule1
    access-list CSM_FW_ACL_ line 10 advanced permit ip ifc Inside object 10.10.10.0_24 ifc Outside object Website-2