We have a 3110 with version 7.6 managed by FMC 7.6. The flow is User >> WLC >> Core Switch >> Cisco FTD >> Internet Switch >> ISP Router 1 & ISP Router 2. On FTD we have created sub-interfaces of 10 Gig link and we have two 1 Gig links from ISP. We a...
Forum Posts
Hey all, I currently have an HA pair of FTD 4145 running v7.6.2 When I run command "show failover state" I get a state of Sync Skipped - STANDBYCan anyone provide some clarification as to what this state means and why the sync was skipped? Has the H...
We receive this vulnerability on Cisco C9120AXI-E Access Point, Let me know if anyone has solution for this vulnerabilityCVE ID: CVE-2023-48795https://bst.cisco.com/bugsearch/bug/CSCwi61646?rfs=qvloginhttps://www.tenable.com/plugins/nessus/187315
I currently have an FTD that has public DNS configured on the management interface (>show network, >show DNS system have Umbrella IPs). I have internal DNS IPs assigned to inside data interface using the platform policy. I did not check enable DNS...
Hi all,i Have FMCv on esxi version 7.2.4 connect with 2 FTD same version need to Replace the FMC to new one 1700 it`s version 7.4and after that i need to replace the two FTD with new ones 3100 serise -----i do this berfore but the FMC was 1600 to 170...
I am reading doc on Cisco FTD intrusion policy, can anyone explain to me what the difference is between Rule state and Rule action in Cisco FTD firewall intrusion policy?
We have two Cisco FMC-4600v7.2.9 (build 44) running in HA is two separate geographical sites. Both were in HA and running perfectly. HA failover also working perfectly. But now it's showing HA Sync Failed. Please find the screenshots shown below.Plea...
Hello,We are using a Cisco ASA 5525 firewall and have recently migrated our WAN interface and renamed it. As a result, we need to update all ingress rules by changing the interface from "outside" to "wan".access-list outside_access; 10509 elementsIs ...
I upgraded from 7.0.8.1-4 to 7.0.8.2-2, the pre-check was OK but I encountered the following error in the log file: EXPORT ERROR: The source parameter ("/var/cisco/deploy/sandbox/snort3-pkg/usr/local/sf/bin/snort-75-3.1.0.800-9") did not pass the Typ...
Hi AllI am currently looking into ddos protection services to protect some main internet links.What options are out there? I assume it would need to be further up the chain i.e in the ISP / Cloud ? Also, I see lots of them use BGP flowspec, what trig...
Hi, I'll shortly have to deploy a physical firepower of the 4100 family "4115". I know that the first MGMT interface showing up is for chassis FXOS purpuses. In Cisco videos I've seen that the management interface used for FTD "logical instance" is t...
I have some firewalls running FDM locally and not managed by an FMC that keep shunning specific IP Addresses. How do I configure the FTD to prevent these IP addresses from being shunned like you can in an ASA or with the FMC?
On GitHub is available a new firewall analyzer tool: https://github.com/WatchThisFirewall/WTF.v1Watch-This-Firewall is a firewall assessment tool designed to connect to firewalls and perform a comprehensive analysis of their configurations. It checks...
Resolved! ASA External Interface Lease renewal ?
Hi folks, We have a ASA on 9.12(4)67. There is an ONT that is connected on the external interface and we use DHCP to retrieve our IP and gateway etc. for out internet connection. If this interface drops and then recovers (ONT is in a different room ...
Running FMC 6.2.3.3 with multiple domains with FTD 2100. Added network objects which are visible when scrolling through the object pages. But are not seen when using the search filter and entering the ip address or name. Nor are the new objects sh...
