
FTD PoC Customer concerns

Mzamzam
Level 1

I have some questions from my customer. Could you help with them? I wrote some responses, but I need to check whether there are more accurate responses.

 

We did the PoC with FTD2110 v6.2.3.

1- If 2 users edit the config and the deploy is done by one of them, the second admin still sees the old config even after refresh and reload; the new config appeared only after logging out and logging in again.

 

My Response

I tried to do that in my lab and found that when someone changed the config it appeared to the other admin, but a Cisco SE told me that the FMC doesn’t support multi-admin login.

So has anyone faced that before, and how can it be fixed?

 

2. He receives the logs in the SIEM in UTC time, while he sees these logs on the FMC in the actual time.

 

My Response

When we investigated that, we found the following link, which mentions that the CLI uses UTC and that it is not recommended to change it. So is there any other solution for that?

https://community.cisco.com/t5/firepower/ftd-2100-ntp-timezone-issue/td-p/3371929

 

3- A full Nessus scan passed through the FTD, but we received poor information, unlike Palo Alto, as the FTD didn’t log the client used by the scanner plugins.

 

My Response

I think this can be because of the base IPS signature applied, or you can advise something else.

 

4- Decryption has been applied successfully but is not working on time; it took around 15 minutes to receive logs that had been decrypted.

 

My Response

The PoC was done on FTD2110 version 6.2.3, while the real implementation will be FTD4110 version 6.3, which will use HW decryption.

 

5- We couldn’t configure a time-based security policy. I think it’s not supported.

 

My Response

Time-based security policy is not supported yet, but it can be simulated with a Python script like the one in the link below.

https://community.cisco.com/t5/security-blogs/time-based-acls-in-firepower-threat-defense-ftd-v6-2/ba-p/3664122

 

Thanks and Best regards,

1 Reply

Hi Mzamzam, see answers below.

1. Answer: Only one person at a time can make the change and save. What might happen is to display a message stating that there is an updated version of the configuration. Because the administration is done through the form, it will only be changed after sending the information; you cannot control this.

2. Since you will use the FMC, you can change the UTC to your location only in the FMC and from it, send the information to the SIEM. In this way, the SIEM will present local time.

3. Right.

4. Right.

5. Right.

Hope this helps.

Sign up for our channel to receive information and a few tutorials on Cisco security solutions. https://www.youtube.com/channel/UC6KHImW6F7Hz1k2-AY0n_oQ