Network Security

Disabling FTD logging for events: 852001 and 852002

I'm looking to disable the logging of the following event ids: FTD-6-852001: Received Lightweight to Full Proxy event from application Snort for TCP flow ip-address/port to ip-address/portFTD-6-852002: Received Full Proxy to Lightweight event from ap...

Resolved! ASA - Resticting the number to-the-box TCP connections

Hi, I've got an ASA 5516-X and I want to restrict the number of TCP connections to-the-box on the outside interface. I have used MPF to configure the connections limits:access-list limit-conn-outside extended permit ip any host "ASA outside interface...

FTD 3130 / ECMP

Hello everybody,I need send traffic (default route) to 20 S2S VPN. I wanted to use ECMP to achieve this. However, there is this limitation of max 8 routes... which is unfortunate.Is there any other way to achieve this? using ECMP or not.Thanks.Dardan

Is this bug cosmetic?

Does the descripting of this bug mean that it is pure cosmetic? I should just ignore SNORT utilization? https://bst.cisco.com/bugsearch/bug/CSCwe21037 How do I find the top.log file? Anyone know of fixed version?

Docks causing dot1x failure due to MAB

Hello, I am investigating an issue where i see docks different types like lenovo, dell monitor docks intermittently causing network issue on user machines. Network issue here is loss of connectivity ( no IP assigned , dot1x failure due to MAB, uniden...

Adding Additional Interfaces to Cisco ASAv

Need to add some additional interfaces to a pair of ASAv running on ESX. (Deleted the original ones when it was initially built)After adding powering down the ASAv and then adding the interfaces, the ASA's boot but I do not get any network access.Th...

Resolved! Can FMC Manage an FTD behind another managed FTD

I have an FMC within my core that manages an FTD at what I'll call a mid-point location. The mid-point location FTD connects to another FTD at the End-point location. I am able to ping from the End-point location to the FMC and visa-versa but I am no...

FTD HA - Unable to Deploy After Failover Link Broke

Hi Everyone,We are in the process of deploying HA for 2 FTDs in our environment to go into production. Currently in the test phase, however, after deploying the HA, which worked. A week later, we lost the failover link. This caused the inability to d...

"TLS Server Identity Discovery" and "Encrypted Visibility Engine"

A quick validation question: Will Enabling and Deploying "TLS Server Identity Discovery" and/or "Encrypted Visibility Engine" features in FMC/FTD be impactful for data traffic? Will it matter if the FTD is in routed or transparent mode?

asa reverse path check and policy routing

imagine basic asa setup with two outside interfaces, two providers, and one inside interface. I have route map that route traffic from one inside ip to provider 2 and default route to provider 1. If I implement reverse path check, asa uses routing ta...

Unexplained reboots for Firepower 2100

After a long period of pretty stable operation, we have been experiencing semi-random outages for our WAN and after a brief suspicion of the external network connection are fairly certain our Firepower is actually the cause of the outage and just det...

FTP and Application Inspection for RPC

I have to allow RPC communication between windows clients and domain controller.How can I define rules in FTD so that just by allowing MS-RPC (tcp/135) the authentication between client and domain controller works. That is I would like to prevent all...

Resolved! FMC 7.0.5 to 7.2.4 upgrade failure

Hello,I`am trying to upgrade FMC Virtual (KVM)to suggested by Cisco version 7.2.4 from 7.0.5. (Cisco_Secure_FW_Mgmt_Center_Upgrade-7.2.4-169.sh.REL.tar)Downloaded upgrade file, checked RAM (32 Gb) and Disk space (attached print screen) verified insta...

Resolved! Deploying FTDv HA Pair on Vmware

Hello Community, I would like to find out if it is possible to vmotion a A/S pair of FTDvs between two ESXs servers. Thanks

Resolved! Part Numbers

I have another Firepower project on the horizon. I know what I need but I don't have part numbers. What is the best way to get part numbers so I can send out for quote?Ex: Part number for Cisco ISE-PIC VM

Network Security

Forum Posts

Disabling FTD logging for events: 852001 and 852002

Resolved! ASA - Resticting the number to-the-box TCP connections

FTD 3130 / ECMP

Is this bug cosmetic?

Docks causing dot1x failure due to MAB

Adding Additional Interfaces to Cisco ASAv

Resolved! Can FMC Manage an FTD behind another managed FTD

FTD HA - Unable to Deploy After Failover Link Broke

"TLS Server Identity Discovery" and "Encrypted Visibility Engine"

asa reverse path check and policy routing

Unexplained reboots for Firepower 2100

FTP and Application Inspection for RPC

Resolved! FMC 7.0.5 to 7.2.4 upgrade failure

Resolved! Deploying FTDv HA Pair on Vmware

Resolved! Part Numbers

A new chapter of the Spotlight Award begins!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

How can FTD block file with Cloud lookup disposition: Unavailable?

FTD firewall in OT/ICS environments

FTD Decryption Policy - documentation confusion

FMC correctly seeing some ISE PassiveID users, other show Not Found

Adding an FTD to cdFMC (CDO) and prefilter policy questions

RAIDUS Fails Post Upgrade

ASA 5515 help

ASA ISSUES

Pre-Sales Engineer Question: FTD/Firepower Family (IRB Limitations)

FMC 4700 Cluster