09-16-2020 10:57 AM
Hi
Can anyone explain what (message-length maximum 512) and (message-length maximum client auto) mean and do, please, and why (message-length maximum) is set to 4096 on our ASA but 512 on our FTDs, and can the 512 setting on FTD cause any issues?
Also, can anyone tell me how to use the connectivity over security on a per-rule basis?
Much appreciated
Accepted Solutions
09-17-2020 01:19 PM
Hi
Thanks for that, I did see where to use connectivity over security per rule. I was looking while a rule was set to Trust; it has to be Allow so the drop-down is available.
thanks
09-16-2020 11:40 AM
I have seen this issue when I was using FWSM - with MS Windows, caused by Extension Mechanisms for DNS (EDNS0). This allows the use of UDP packets that are larger than 512 bytes. Some firewall systems do not like this and will drop the traffic.
Old ASA code uses message-length maximum 512
New ASA code supports the command below:
message-length maximum client auto
This can also be fixed on the MS Windows side.
use the connectivity over security on a per rule basis?
