I added the Network Security Manager as a device to our Enterprise Security Manager recently but i am not seeing any events for our DMZ interface for some reason.
Just some background. We have 2 x M2850 sensors installed (HA) that are monitoring 4 networks and one of the networks is our DMZ. I can see events from the other 3 interfaces but nothing from the DMZ network. Has anyone got any thought or ideas?
What software versions are you using on your manager and sensor?
Can you see the alerts for all 4 interfaces in the Real Time Threat Analyzer on the Network Security Manager server?
If you run the show intfport command from the sensor CLI for the interface that is not reporting alerts do you see any traffic on it?
Are you applying the same policies (IPS, Firewall, etc) to all 4 interfaces?