https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237436#M1118255 <P>I currently have 2 sites, and each site has (2) FTDs in active/passive failover. When looking at the Platform Settings, they both share a single policy. I need to add another policy for each pair to change their syslog server settings to go to different syslog servers. When I create a "Threat Defense Settings" policy and add an HA to it, I am presented with the following message:</P><P>Following device have an existing platform setting or a DNS value configured by CLI. Do you want to replace the existing configuration?</P><P>How can I determine which setting(s) would be modified? Is there a potential for taking the pair offline?</P><P>&nbsp;</P> Mon, 16 Dec 2024 13:17:10 GMT jberrios 2024-12-16T13:17:10Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237436#M1118255 <P>I currently have 2 sites, and each site has (2) FTDs in active/passive failover. When looking at the Platform Settings, they both share a single policy. I need to add another policy for each pair to change their syslog server settings to go to different syslog servers. When I create a "Threat Defense Settings" policy and add an HA to it, I am presented with the following message:</P><P>Following device have an existing platform setting or a DNS value configured by CLI. Do you want to replace the existing configuration?</P><P>How can I determine which setting(s) would be modified? Is there a potential for taking the pair offline?</P><P>&nbsp;</P> Mon, 16 Dec 2024 13:17:10 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237436#M1118255 jberrios 2024-12-16T13:17:10Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237448#M1118256 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1441521">@jberrios</a> it is unlikely to impact transit traffic, as the Platform Settings policy applies setting applicable to the FTD itself. If your new Platform settings policy does not include DNS settings and the existing one does, you would probably want to ensure you define DNS servers and another other settings.</P> <P>Why do you need to create a new policy, can you not amend the exist policy that is applied with the syslog servers?</P> Mon, 16 Dec 2024 13:26:16 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237448#M1118256 Rob Ingram 2024-12-16T13:26:16Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237459#M1118257 <P>there is config replication from active to standby and there some little config not replicate&nbsp;<BR />config different syslog is replication so what you try to do will not work&nbsp;</P> <P>MHM</P> Mon, 16 Dec 2024 13:58:49 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237459#M1118257 MHM Cisco World 2024-12-16T13:58:49Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237464#M1118259 <P>In addition to what <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a> correctly mentioned, you can preview the deployment changes before clicking the final confirmation button.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MarvinRhoads_0-1734357836708.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/236006i672A39503D023269/image-size/large?v=v2&amp;px=999" role="button" title="MarvinRhoads_0-1734357836708.png" alt="MarvinRhoads_0-1734357836708.png" /></span></P> <P>&nbsp;</P> Mon, 16 Dec 2024 14:04:07 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237464#M1118259 Marvin Rhoads 2024-12-16T14:04:07Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237522#M1118266 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;, is it possible to specify multiple syslog servers within the same policy and direct each pair to specific syslog servers?</P> Mon, 16 Dec 2024 16:14:27 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237522#M1118266 jberrios 2024-12-16T16:14:27Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237525#M1118268 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1441521">@jberrios</a> not if they share the same policy.</P> Mon, 16 Dec 2024 16:19:09 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5237525#M1118268 Rob Ingram 2024-12-16T16:19:09Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5305344#M1121595 <P>I have also began creating a platform settings policy in order to restrict ICMP access. I received the message regarding DNS settings, which were previously configured via CLI. If I keep the option, "Enable DNS name resolution by device" untoggled, will the FTD default back to the settings configured by CLI?</P> Thu, 03 Jul 2025 14:57:24 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5305344#M1121595 jtorres44 2025-07-03T14:57:24Z https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5306251#M1121642 <P>The cli-based DNS configuration is for the management interface only. The setting under platform policy is for dataplane DNS resolution and commonly used for access control policy entries that include FQDN references.</P> Mon, 07 Jul 2025 02:58:18 GMT https://community.cisco.com/t5/network-security/changing-ftd-platform-settings/m-p/5306251#M1121642 Marvin Rhoads 2025-07-07T02:58:18Z