Hi,

 

We have Cisco ASA firewall generating %ASA-2-106016: Deny IP spoof messages and was detected as "Attack" on Firewall Analyzer.

 

Is firewall analyzer classify attack from the log messages sent by the firewall devices ?

 

If we have verified the source is valid and this attack is false alarm, is there anyway we can exclude the source from being flaged as attack on firewall analyzer ?

 

We can configure on Cisco ASA firewall not send syslog message with ID 106016. But this is not the right way as there are genuine IP spoof event. 

 

Please advice. Thanks.