02-23-2019 03:04 AM - edited 02-21-2020 08:51 AM
I have some questions from my customer, Could you help on it? I wrote some responses but I need to check if there is more accurate responses
We did the PoC by FTD2110 v6.2.3
1- if 2 user edit the config then deploy done by one the second admin still see the old config however refresh , reload done only new config appeared after log out and re log in.
My Response I tried to do that in my Lab and found that when some one changed the config it appears to the other, but as Cisco SE told me that the FMC doesn’t support Multi-Admin login.
So any one faced that before and how to fix that?
2. He receives the logs in SIEM with UTC time while he saw these logs on FMC in the actual time.
My Response
When We investigated that we found the following link which mentioned that CLI uses UTC and it is not recommended to change it, So is there is any other solution for that?
https://community.cisco.com/t5/firepower/ftd-2100-ntp-timezone-issue/td-p/3371929
3- Full nessus scan passed through FTD but we received poor information unlike Paloalto as FTD didn’t log the Client used by scanner plugins
My Response
I think this can be done because of Base IPS signature applied, or you can advice something else.
4-Decryption has been applied successfully but not working on time it took around 15 minutes to receive logs has been decrypted .
My Response
The PoC done on FTD2110 version 6.2.3 while the real implementation will be FTD4110 version 6.3 which will use HW Decryption.
5-we couldn’t configure time based security policy . I think it’s not supported
My Response
Time based Security policy is not supported yet, but it can be simulated with Paython script like below link.
Thanks and Best regards,
02-24-2019 04:34 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide