SPI Enabled or not in FTD
06-12-2024 03:55 AM
My auditor asked for evidence on the points below; kindly check and please help us.
1. Provide a screenshot to show stateful inspection enabled on external firewalls in scope.
2. Provide a screenshot of the anti-spoofing access list or similar settings on the external firewall and/or router.
06-12-2024 09:40 AM
Firewalls are stateful by default. From the CLI, "show conn" will show the stateful connections. As for anti-spoofing, follow this: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/interfaces_for_firepower_threat_defense.html#task_34BB9AC8E91946AB847C65FB79D67A5F
06-13-2024 12:28 AM
We are using the FMC-V setup and are not able to see the options mentioned in the link.
06-13-2024 01:40 AM
You have to connect and SSH to your FTD management port. Once connected, you need to give the command "system support diagnostic-cli"; once you are in the LINA CLI, you can issue the command "show conn".
Here is good documentation to start from.
06-13-2024 10:32 PM
What version of FMC? It doesn't matter whether it is virtual or hardware; similar options should exist. Also, "show conn" can be run from the FMC for a device.
You can also access the CLI tool through the health monitor for the device (System > Health > Monitor). From there, you can select the device, click the View System and Troubleshoot Details link, click Advanced Troubleshooting, then click Threat Defense CLI on that page.
