Symptom
SMB traffic is getting blocked post upgrading the FTD to 7.4.1
Snort blocks the connections with:
Drop-reason: (firewall) Blocked or blacklisted by the firewall preprocessor
Conditions
At the moment, based on the available logs below conditions should be matched:
1. FTD running software version 7.4.1
2. So far this issue is seen on FTD running on FPR-2100 SERIES, it is possible that the issue may impact other hardware versions as well.
3. Zone-based rule configured to allow SMB traffic.
Workaround
Workaround-1 Disable multi-channel SMB by running the below command
>configure snort multichannel-lb disable
Workaround-2 Don't use zone-based rule for SMB traffic.
Further Problem Description
SMB traffic is getting blocked post upgrading the FTD to 7.4.1
