floodguard enable command Cisco Firepower

harmesh88
Level 1

Dear Team,

I have a Cisco Firepower FMC in virtual, and the FTD model is 2110.

As per a Cisco Community search, we came to know that the Floodguard feature is enabled by default on this device.

My question is how can we enable it, and if it's enabled, how can we see the status of this feature? Is there any command for checking it?


4 Replies

Hi, floodguard is always enabled and can't be disabled since PIX 7.0. If
you try to push the config using FlexConfig, it will give an error that it's
always enabled.

I don't think there is a command to display its output in ASA/FTD.

***** please remember to rate useful posts

OK, so it's already enabled.

Actually, it's from an audit point of view: I want to know that this feature is enabled on my device.

So please let me know if there is any possibility to view the status of this feature.

Or, for proof, any document link.

Marvin Rhoads
Hall of Fame

Your auditor is either working with a very old set of requirements or incorrectly applying a switching requirement to your ASA device. (The floodguard command is still supported on switches and is required for DISA STIG compliance.)

The only confirmation I was able to find that it is built into ASA by default is an old Cisco document last updated almost 5 years ago. Reference:

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/91976-migrate-pix-to-asa.html#ert

Agreed with @Marvin Rhoads: they are outdated. They are looking for floodguard in
FTD!!! There are a lot of security features to be considered in FTD other
than this.

I had a similar case recently where a large audit organization was auditing
FTD using ASA config. Useless activity if they are not up to date.
