FTD - Pre-filter

This post covers the Pre-filter option in Firepower.

In simple words:
Pre-filter is the first stage when a connection starts to establish. Using Fastpath, we can skip the Snort engine, which contains many policies such as SSL policy, AMP policy, etc. Another feature is checking the outer header of tunnel protocols such as GRE.

LAB Overview:

We run a GRE tunnel between R1 and R3 with OSPF, and the tunnel is up. The FTD is configured in the middle with the default action IPS (logging enabled).
Can we see any information about the packets?

You will see the inner header ONLY via the ACP logs, which is the tunnel IP addresses.


What about the outer header?
With the pre-filter option -> use the ANALYZE option, and you can see the outer header of the packet.


The logging option is disabled when the ANALYZE option has been checked.


Then call it from the ACP.


I hope this helps.
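
To make the outer/inner distinction concrete, here is an added Python example (not part of the original post) that builds a GRE-encapsulated OSPF packet like the one in the lab and extracts both headers: the outer pair is what the pre-filter looks at, the inner pair is what the ACP logs show. All addresses are constructed, and only plain GRE carrying IPv4 is handled.

```python
import struct
from ipaddress import IPv4Address

GRE, OSPF = 47, 89  # IP protocol numbers

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 header (no options, checksum left 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, IPv4Address(src).packed,
                       IPv4Address(dst).packed) + payload

def parse_ipv4(buf):
    """Return (src, dst, proto, payload) of an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return (str(IPv4Address(buf[12:16])), str(IPv4Address(buf[16:20])),
            buf[9], buf[ihl:])

def split_gre(packet):
    """Return {'outer': (src, dst, proto), 'inner': (src, dst, proto)}."""
    o_src, o_dst, o_proto, gre = parse_ipv4(packet)
    if o_proto != GRE or len(gre) < 4:
        raise ValueError("outer header does not carry GRE")
    flags, ethertype = struct.unpack("!HH", gre[:4])
    if flags & 0x4007:  # routing bit or non-zero version: not plain GRE
        raise ValueError("unsupported GRE variant")
    if ethertype != 0x0800:
        raise ValueError("GRE payload is not IPv4")
    # Checksum (0x8000), key (0x2000) and sequence (0x1000) add 4 bytes each.
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    i_src, i_dst, i_proto, _ = parse_ipv4(gre[offset:])
    return {"outer": (o_src, o_dst, o_proto), "inner": (i_src, i_dst, i_proto)}

# Constructed sample: an OSPF hello from R1's tunnel interface, wrapped in GRE
# between the routers' physical interfaces (all addresses are made up).
INNER = ipv4("10.0.0.1", "224.0.0.5", OSPF)
SAMPLE = ipv4("192.0.2.1", "198.51.100.3", GRE,
              struct.pack("!HH", 0, 0x0800) + INNER)

if __name__ == "__main__":
    for layer, (src, dst, proto) in split_gre(SAMPLE).items():
        print(f"{layer}: {src} -> {dst} proto {proto}")
```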


Nice, bro! :slight_smile:
