Cisco Community
English
Register
Congratulate December's Spotlight Awardees. CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

738
Views
5
Helpful
2
Replies
Highlighted
hesamyazdanparast67
Beginner
Beginner
‎04-26-2018 01:08 PM
‎04-26-2018 01:08 PM

logging issues in Cisco FTD

Hello 

i have got an issue in FTD logging.

i have configured logging in Cisco Firepower 4110 running FTD 6.2.2 and i have configured logging to log from all connections and sessions.

i have NAT on the FTD and logs of NAT doesn't display the public IP of the users although i can see these public ip addresses from using "show xlate " command.  

Labels:
Preview file
42 KB
Preview file
137 KB
0 Helpful
Reply
2 REPLIES 2
Highlighted
mohanB
Beginner
Beginner
‎06-15-2018 01:02 PM
‎06-15-2018 01:02 PM

if you look at packet flow through FTD, you can see addition of NAT IP header is after the prefilter/ACP/Snort treatment, so the logs are being sent when it hits the ACP,  which is before the NAT IP header addition (xlate table).

 

Reply
Highlighted
Marvin Rhoads
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
‎06-15-2018 10:19 PM
‎06-15-2018 10:19 PM

In addition to what @mohanB correctly noted, you do have the option of configuring a Netflow export using FlexConfig. The NSEL format will include the NATted address.

0 Helpful
Reply
Latest Contents
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:48 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:46 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 01-15-2021 06:09 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Serious problem with Object Groups + Access Policies in FMC
Created by mhmservice on 01-15-2021 04:31 AM
0
0
0
0
Hi allI've been having a major problem with Object Groups in FMC access policiesIf I have a pre-existing line in a policy with an Object Group which contains a list of IPs, if I add an additional IP to that object group, then deploy, the traffic is still ... view more
No cts dot1x command in interface configuration mode
Created by tanzhy on 01-14-2021 01:49 AM
3
0
3
0
Anyone know why there are no cts dot1x command in interface configure mode?I  just find cts manual and cts role-based command      Hardware is  C9300-48PSoftware is   Cisco IOS XE Software, Version 16.12.04License i... view more
Content for Community-Ad