I have multiple remote sites which connect to local ISPs but can only use DHCP to get public IP addresses. I need to setup Hub-and-Spoke route-based VPN tunnels between remote sites and my primary DC; backup DC, for failover. I configured two static ...
Forum Posts
Tested with FTD 7.7.10-5. Firepower 1010 web managed by Firewall Device Manager. VTI route based VPN not possible to setup since BGP cannot be configured. For Policy based VPN setup, Parameters, PSKs, IPs, IKE policy, IPsec proposal, NAT, and ACL...
Hi all,Does anyone know if the Firepower 4100 supports a CLI method of checking tranceiver details? I am trying to determine what model SFP is installed in an interface, but can't find this info for the life of me. I have tried numerous things as wel...
Hello Everyone,I wanted to ask for your kind advice regarding the implementation of a dynamic DDoS detection solution along with BGP Flowspec-type actions on a Nexus 5672UP edge switch.Since the Nexus 5672UP does not support BGP Flowspec, my proposed...
After deploying a new FTDv 7.x, I encountered an issue where, after configuring the Management IP settings (including Device IP, Gateway, and Mask), I couldn’t ping any devices on the network. I received a "No Route to Host" error, which was puzzling...
Hello,Every time I connect to my Firepower cluster via SSH, I get this message:%AUTH-3-SYSTEM_MSG: error: Unable to load host key: /isan/etc/ssh_host_ecdsa_key - sshdand%AUTHPRIV-3-SYSTEM_MSG: pam_tally2(aaa:account): unknown option: reset - aaadThe ...
Hello everyone,I need to send zeek logs to Cisco SNA (flow collector)According to the Cisco manual:“Format: The zeek log generator must add the zeek_filename="xxx.log" tag before the JSONL string for the Flow Collector.”I need help about, adding the...
Hello everyone, I’m currently performing a migration from Cisco ASA with FirePOWER Services (ASA + SFR) to Cisco FTD using the Secure Firewall Migration Tool (version 7.7.10.4), and I’ve run into a limitation that I’m not sure how to properly handle....
Firewall or no Firewall? Is a router good enough?I am going through a network redesign for my company. This is my environment:- 2,000 total users. About 1,500 users at the HQ and another 5000 remote users,- One Data Center in Virginia, and Azure clou...
Hi everyone! I was able to configure the SNMP port 161 on the FMC via GUI. But I cannot seem to find the SNMP Traps configuration. Below I managed to check in FMC CLI , but I am stuck on how I will implement them and make my FMC send traps to our SNM...
I am trying to send cisco FMC 1700's interface status information to SNMP server as SNMP trap and to syslog server. how to send above, kindly help.
vpn(config)# crypto ca enroll acme_cert % Start certificate enrollment .. % The subject name in the certificate will be: CN=acme_cert % The fully-qualified domain name in the certificate will be: acme_cert % Include the device serial number in the su...
Hi, please can someone explain if we can have FPR 1140 with FTD to be context to migrated asa 5516 with firepower context.basicall we have asa 5516 contextual with firepower module now we have to move to new hardware we notice cisco built new hardwar...
Resolved! CD-FMC Cloud Management
Good Day All, Hoping you can help me here. I am looking to obtain Cisco CD-FMC for 4 FTDvs positioned in AWS. Their respective SKUs have been relatively easy to obtain. However, looking at the CD-FMC Sku, I am using the : FWM-SEC-SUB Inside this, the...
Hello! We recently upgraded our FMC code from 7.4.2 to 7.4.3 and when it finished installing the new software we started getting this message saying: "The size of MariaDB undo files has reached 1.39GB, and it exceeds the threshold of 1 GB. Contact TA...
