Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
5
Helpful
8
Replies

FTD connection troubleshooting command

Pavel Pokorny
Level 1
Level 1

‎01-19-2023 05:01 AM

Dear all,

Please advice in one thing. Imagine I am looking for user which is causing most of the connections over my firewall.

On ASA I was using simple commands (where 500 is number of connections per ip address):

sh local-host connection udp 500 | i local or sh local-host connection tcp 500 | i local

Is there any easy way to use something like above on FTD? Or any suggestion how to handle this issue?

Kind regards,

Pavel

8 Replies 8

MHM Cisco World
VIP
VIP

‎01-19-2023 05:13 AM

Cisco Secure Firewall Threat Defense Command Reference - show j - show o [Cisco Secure Firewall Threat Defense] - Cisco

according to this command ref you can use same command in FTD also 

0 Helpful

Pavel Pokorny
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 05:49 AM

Hi,

Yes you can, but there is no option for limit - ie 500 in my example.

 

Thnx

0 Helpful

MHM Cisco World
VIP
VIP
In response to Pavel Pokorny

‎01-19-2023 08:06 AM

show local-host [ hostname | ip_address] [ detail] [ all] [ brief] [ connection { sctp | tcp | udp | embryonic} start[- end]] [ zone]

But there count in command ref. 

Also guide five example excat what you need 

Show local-host udp 4 tcp 10.

 Can  you check the guide again.

0 Helpful

Pavel Pokorny
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 08:44 AM

> show local-host
Hostname or A.B.C.D Show local host information corresponding to this ip address
brief Enter this keyword for brief information
detail Enter this keyword for detailed information
zone Show local host information based on zone
| Output modifiers
<cr>

 

As you can see, there is no option for UDP or TCP selection (version 7.0.4)

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-19-2023 05:37 AM

How about using "show conn"? Save the output and sort it with Excel to get a count.

0 Helpful

Pavel Pokorny
Level 1
Level 1
In response to Marvin Rhoads

‎01-19-2023 05:51 AM

Hi,

That's very time consuming. Instead of 2 commands (one for UDP, second for TCP) I will have use Excel and copy data to this, sort and then filter. Imagine you have hundreds thousands of connections....

Anyway, thank you

0 Helpful

buffkata
Level 1
Level 1

‎01-19-2023 07:27 AM

This is interesting - I have done this in FTD (v6.4) but I have not used those commands recently and now it is not available in v7.0.4/9.16.3.18

show local-host connection tcp 500 | in host|count/limit

it is not an option :

sh local-host ?

Hostname or A.B.C.D Show local host information corresponding to this ip
address
Hostname or X:X:X:X::X Show local host information corresponding to an IPV6
address
brief Enter this keyword for brief information
detail Enter this keyword for detailed information
zone Show local host information based on zone
| Output modifiers
<cr>

 

0 Helpful

Pavel Pokorny
Level 1
Level 1
In response to buffkata

‎01-19-2023 08:43 AM

Cisco in their wisdom made a change: 

7.0

The following keywords were deprecated: all , connection .

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card