Symptom
Currently, when adding a new Syslog Server, the default Protocol is TCP (port 1470).
Combined with the setting 'Allow user traffic to pass when TCP syslog server is down', which is disabled by default, this will lead to a major network outage if the user does not have a TCP server configured. In that case the FTD logs would show:
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections.
This Enhancement requests:
1. Change the default Protocol from TCP to UDP to avoid the above scenarios.
2. Add a Warning, shown when someone chooses TCP as the Syslog Protocol, about the potential outage if the TCP Server is unreachable, together with a note about the setting 'Allow user traffic to pass when TCP syslog server is down'.
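One way to spot this condition from a log source that is still reachable, as an added example that is not part of the original report: it parses lines in the format quoted above and flags time buckets with a burst of 201008 messages. The function names, the threshold of 5 and the 60-second bucket are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Line format taken from the log excerpt on this page.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)$"
)
EPOCH = datetime(1970, 1, 1)

def parse(line):
    """Return (timestamp, severity, message_id, text), or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
    return ts, int(m["sev"]), m["id"], m["text"]

def find_blocking_windows(lines, threshold=5, bucket_seconds=60):
    """Count 201008 messages per time bucket; return buckets at or above threshold."""
    buckets = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "201008":
            continue
        offset = int((rec[0] - EPOCH).total_seconds()) // bucket_seconds
        buckets[EPOCH + timedelta(seconds=offset * bucket_seconds)] += 1
    return sorted((start, n) for start, n in buckets.items() if n >= threshold)

# Constructed sample: the eight lines quoted on this page, one later isolated
# 201008 line (constructed) and one unrelated line (constructed).
SAMPLE = (
    ["May 18 2017 02:41:57: %ASA-3-201008: Disallowing new connections."] * 8
    + ["May 18 2017 03:10:02: %ASA-3-201008: Disallowing new connections.",
       "not a syslog line"]
)

if __name__ == "__main__":
    for start, count in find_blocking_windows(SAMPLE):
        print(f"{start:%Y-%m-%d %H:%M} {count} x 201008: new connections are being denied")
```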