Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2154
Views
0
Helpful
1
Replies

How FTD manages UDP traffic

Robturner1
Level 1
Level 1

‎04-12-2019 01:59 AM

Morning

 

We have started to implement FMC and FTD in our estate and have found that the TCP was working fine over the tunnels that we have created.  However, UDP did not seem to be working.  This caused issues around DHCP and voice.  Can anyone guide me to how to get the FTD to inspect the UDP traffic in a stateful manor rather than it blocking or discarding it?

 

Thanks

Labels:
0 Helpful
1 Reply 1

patoberli
VIP Alumni
VIP Alumni

‎04-12-2019 04:56 AM

Let's start with the basics, UDP is a stateless protocol.
Ok, now that we have established this part, you probably realize the problem.
DHCP is even worse, as it uses Broadcast, which normally doesn't work through VPN.

There are some Inspect rules that you can enable/disable, for example for SIP voice traffic, more details here: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-advanced.html

Most often you should (must) simply open the needed ports between the source/destination though.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card