Hi,We have a FTD version 2110; we need to replace it with a newer FTD version 2140;I wonder if you can share any tips or info on proper process upgrade/replace old version of FTD appliances with new FTD appliances?The goal is to make transition as sm...
Forum Posts
Resolved! SFR sensor upgrade fails readiness check
Hey all, 3 ASA 5516-X with sfr modules running 7.0.4 on ASA 9.16(4) with vFMC running 7.0.5 on ESXi 7.0.x latest build. When attempting to deploy the 7.0.5 upgrade patch to the sfr modules, they all fail the readiness test with the following error: R...
hi,i have 2 private IP that would need to configure to a NAT pool of /29 public IP.can someone confirm if below config is correct?do i need to add the "flat" keyword to "PAT" using 1024-65535 dynamic ephemeral ports or this is automatic?will both pri...
can we make 3105 FTD firewall as proxy gateway?if yes, are there any articles?
In the middle of updating a pair of FTD 1010's from 6.6.4 to 6.6.5, the upgrade failed due to the HA links going down for some reason during the upgrade. We use a port channel for HA and it was all down. When checking the CLI, I noticed that it sho...
Some VPN users received cert renewal emails from a couple of our ASAs, but I don't know why. I normally have the ASA send them manually as needed, but I didn't in this case. Only some users received the emails, not sure why that is either. Anyone hav...
What is mean when the asa failover because of set by the config command? I saw that when I do show failover history on the ASA. Thank you. vrian
I'm going to use a firepower 2140 as internet firewall. so i need to use bandwidth limitation through QOS. But it's not clear how it works. if i specified 1G for a subnet as a network condition in the QOS rule. every IP inside this subnet would get 1...
Currently got FMC 7.3.1 upgraded from 7.2.4 and im getting a Health Status warning saying Sybase Status - Test Failed.Have tried the following:pmtool restartbyid slapmtool restartby id TomcatHas anyone come across this issue and how to resolve?
Hi to all,i am trying to implement a site to site IPSec VPN between an FTD-HA pair and a cisco 2821.Till now i haven't succeeded in doing so , but before starting to dig dipper i would like to ask you if there are needed any special licenses for this...
I have Cisco C9200L-48P-4G with ISO 17.03.04b.I do have the below configurations.ip ssh server algorithm kex ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1ip ssh client algorithm kex ecdh-sha2-nistp256 ecdh-sha2-...
I've just downloaded "Cisco_Secure_FW_Mgmt_Center_Virtual_VMware-7.2.0-82.tar.gz", however when I open it with WinRar I get an error and there is only the .vmdk file shown in the archive. I've verified the SHA-512 hash and also tried WinZip and 7-Zi...
As the title asks - I'm not referring to the FTD sending traffic (I know it does), I am wondering if there is a way for the FMC to relay the connection events in its internal buffer? I see Audit Logs allow my to forward syslog messages. I can't see...
Resolved! Downgrading a Firepower 2110 to ftd 6.4x
I need to downgrade a new 2110 with an ASA image to ftd 6.4.x. I've done this with no problems to 7.3, but here's the problem. The 7.x image is a .SPA and 6.4 is a .tar. When I follow the procedure I previously used here, I get the following failure:...
For some context, we have dual Firepower 2140s in HA managed by FMCv. Both FTD and FMCv are on 7.2.5.1 as of last week at the start of 2024. We currently utilize our FTDs as external firewalls and head-ends for both site-to-site VPNs and Remote Acces...
