Symptom
FTD device having the configs mentioned in below conditions section could traceback.
Conditions
FTD version 7.2.x and above
Have an L7 rule with logging enabled in ACL policy
having below clis:
management-access inside
logging trap debugging
logging host inside format emblem
Workaround
syslog server reachable via same management-access interface could solve the problem.
Further Problem Description
Due to cross ifc access changes in dataplane, if syslog server is reachable via different interface other than what was configured in management access cli, the packet would be subjected to snort inspection.
Ideally any from the box local traffic shouldnt be sent to snort.
While sending to snort there is scenario where corruption could be seen on the packet as local packets dont account for extra PDTS data offset on the packet.
