Team, I researched about this and couldn't find a straight forward answer for this. Is there a simple OID to poll which firewall hardware unit in a firewall failover pair is Active and which one is standby? I found OIDs to poll the state of the firew...
Forum Posts
Hi,I recently had to migrate a FTD HA (tow FTD2130) from one FMC to a new one.I installed the FMC in the exact Version and restored a five day old backup from the OLD FMC to the NEW FMC.Everything was the same from the MGMT IP of the FTDs (10.0.0.x/2...
Resolved! Deploy Multiple FMCv
Hi, We have 2 office sites (HQ and a remote site), each site have two FTD devices and we have purchased a single FMCv (VMware) for 10 devices. My question is, is it possible to deploy FMCv (not cloning, since not supported) for each sites (1 on HQ an...
Resolved! Management Vlan configuration!
Hello all,I want to configure management vlan for all the devices on network: router, FW and SW.The topology ist as below:Internet---Router---ASA--subint,10,12,13,30--2960SW---PC(on access port vlan10)I did the below configuration:1. create subinterf...
Hello community, Our client has 2x FTD 1120 with latest version 7.2.0.1-12 and also FMC with latest version 7.2.0.1-12. The FMC is integrated with ISE-PIC for user authentication. We are facing some problems with filtering and FMC is showing this er...
I have Discovery Policy for Internal Zones where I am only getting network map for 2 of my FTD's internal zones and my 3rd FTD subnet is not showing up in the network map. I see connection events for this particular subnet but the PC icon for the e...
We have Access to Cisco Firepower Management Center and Firepower Threat Defense version 7.2.0 When we try to register a key to establish the connection between FTD and FMC, We are getting the below error in FTD, File HA_State not found. Because of w...
Resolved! FTD syslog export to debugging level
Hi Experts,We are attempting to export logs to IBM qradar SIEM.It seems we need to set the logging level for syslog export to debugging to get session data exported.Will it cause resource issues on our FTD's if we set the syslog export to debugging l...
Hello.I have redundant 5506x and frequently the FW will not hand out an address to either a PC or phone. If a forced failover or power cycle occurs, it fixes the issue until it occurs again. This configuration has been working for years. Inside inter...
Hi,We have FTDs mgmt by FMC version 7.0.1. We are using certificate authentication on RA VPN configuration. Indentity Certificate signed by our local CA has been expired, we have installed a new indentity certificate. Have refreshed the cert status o...
HiI am configuring an ASA device. I am noting the NAT is not working and the PRIVATE deivce can not reach the destination/gateway(192.168.237.65&192.168.237.129). Can someone help to check the config?interface GigabitEthernet0/1no nameifno security-l...
Hi everyone, have a nice dayI have a big network with multiple cisco routers, switches(IOSXE, IOSXR), and NX, I found in the ARP table multiple IP addresses with the same mac address, I try to track the mac address but the port for this mac return me...
I have two ASA5555X running version 9.631, about 2 months ago the active asa started refusing ssh in all the interfaces, after the restart I can ssh again, then a couple of days or less no ssh again.then the primary (active) started failing gradually...
Hello,I am trying to force some users to send traffic to specific wan interface.Created a ACL:ALLOW inside_zone specific_users ---> outside_zone interface_WAN3 in NATdynamic NAT from inside to outside WAN3 interface. But when i try to see from users ...
While attempting an FMC upgrade the upgrade failed with the following message in the CLI: The Cisco 6.6.5 upgrade has halted, status: [48%] Fatal error: Error running script 800_post/021_reinstall_sru.sh. For more details see /var/log/sf/Cisco_Firep...
