FTD 1140 Live monitoring

dimlia83 · ‎10-15-2023

Hello everybody,

Recently we change ASA5510 with FMC and FTD 1140. I am disappointed by the fact that the new firewall does not have live monitoring. I remember with the ASA5510 in the monitoring, I just entered an IP and immediately saw everything related to that IP. Now, for example, I ping an interface of the Firewall that I deny icmp and I can't find any event anywhere that says there are continuous pings that I deny.

Please Help.

MHM Cisco World · ‎10-15-2023

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3328.pdf&ved=2ahUKEwj8m7Lv7vmBAxUhSvEDHaWUA4UQFnoECAkQAQ&usg=AOvVaw24Fxgs5VcEWvMAQ8GU0J25

This link for how you use fmc' which includes how you check acl rule deny ...etc.

dimlia83 · ‎10-15-2023

Thanks for your answer. From what I understand, it is not include this very useful tool that has live monitoring. cisco just made our life much more difficult to see something as simple as an IP reaching the firewall.

MHM Cisco World · ‎10-16-2023

I Will check update you tonight.

MHM

MHM Cisco World · ‎10-16-2023

4. Cisco FTD Access Control Policy - RAYKA (rayka-co.com)

check this way

dimlia83 · ‎10-16-2023

I will check thanks for your time

Karsten Iwen · ‎10-15-2023

You are right, the FMC is mainly a tool to manage lots of firewalls and do the security event processing. ASDM only had to show the events from a single firewall.

What could you do:

the unified Event viewer under Analysis has a live view. It is not the real time view as in ASDM but it is quite powerful in filtering.
set up a log server like Graylog or something similar. Then let the FTD log to this box (this config is done in the platform settings). These logs again will be “near real time”.