Activity in Security
Resolved! Is there a way to find out the physical interfaces used by a port channel in FTD 4110 or 2120 through FMC gui or FTD cli or from anywhere else?
I have lately realised that there is no way to actually figure out the physical interfaces used by a port-channel in FTD 4110s or 2120s or probably any FTDs through the FMC gui or FTD cli. I asked TAC about this and they also advise there is no way t...
Reminder: Duo CA bundle update; action required by February 2, 2026!
This is a reminder that Duo’s existing CA bundle will expire on April 15, 2026 due to the the Mozilla CA distrust policy. This expiration will affect all Duo products that use certificate pinning. This service change affects all Duo customers and d...
clarity on Throughtput of cisco FTD 2130
as cisco firepower 2130 throughput is 10 Gbps raw and 5.4 Gbps NGFW and ISP and 760 Mbps when TLS decryption is enabled . Is this 760 Mbps is the overall throughput of the firewall when TLS decryption is enabled or non TLS traffic can pass through 5....
TCP-state-bypass on FMC managed FTD
Hi All,I'm seeing tons of %FTD-4-419002: Duplicate TCP SYN from Inside:x.x.x.x/36769 to OUTSIDE:y.y.y.y/80 with different initial sequence number on multiple FTDs where the source IP x.x.x.x is ThousandEyes Enterprise agents' IPs.I've found this doc ...
Using WCCP to redirect traffic to a Palo Alto Web Proxy
Hello, If we want to use WCCP on a FTD firewall to redirect web traffic to a Palo Alto Web Proxy, is that possible? I know that Palo Alto doesn't support WCCP but since it would be a Cisco device doing the re-direction, does the receiving device nee...
Send RAVPN syslogs FMC managed FTD
HI All,First of all, apologies in advance if this is an obvious question, however, I'm a bit confused how to configure syslogs for FMC managed FTDs.FMC is 7.6.2.1 and FTDs are mixture of 7.6.1.1 and 7.4.3, but in this specific case FTD2k running 7.4....
Resolved! FTD High Availability Failover using EtherChannel
I have 2 x FTD2110 managed by an FMCv, all v6.2.2. I'm trying to create an HA pair using an EtherChannel rather than a single physical link. However, only the physical interfaces are appearing in the dialog box to create the HA pair. The documentatio...
CSCwp15105 - ISE 3.4 Patch 1 TrustSec Policy Matrix does not display
Anyone having issues seeing your TrustSec matrix after upgrading? I went from 3.3 to 3.4 patch 4 (not patch 1). The workaround to log into ISE with admin account does not work. The other issue is, I do not even see the TrustSec policy from the menu w...
CSCws21678 - Zombie processes created by cscan on macOS Tahoe
Just an FYI as this one was hard to find. All of our developers on MacOS Tahoe and the latest version of the Cisco Secure Client have the issue.### Root Cause Analysis of Spindumps 1. **Process Identification**:* The affected process is `cscan`, loc...
What's the easiest way to add a new subnet in FTD b4 decomming the old
Hello Experts,We have a Cisco Firepower 2130 in production running version 7.4.2.4 which we manage via FMC. A Port-Channel with a VLAN has been configured on the FTD with its own IP address serving as the gateway for DHCP clients while the FTD serves...
Can SIA be used in a Secure Private Access environment?
In an environment where only the "Secure Private Access (SPA)" license for "Cisco Secure Access (SA)" has been purchased, can the Secure Internet Access (SIA) function be used if desired? For example, is there a mechanism in place to hide SIA-specifi...
ISE 3.2 P7–Context Visibility reset impact
Hi all,We are running Cisco ISE 3.2 Patch 7 (6 nodes, no dedicated MNT).We’re seeing an issue where not all endpoints imported via API from an external identity source are showing up in Context Visibility.Cisco documentation suggests resetting and re...
Anyconnect VPN SAML SSO with Azure IdP, Multi-Tunnel Groups
SymptomsI had incredible difficulty locating details and even vendor support surrounding setting up Azure SSO to service anyconnect connectivity with multiple tunnel groups. So thought I'd potentially help by documenting the fixDiagnosisAfter followi...
ISE Alarm : Warning : Profiler SNMP Request Failure. Error Message=Req
ISE Alarm : Warning : Profiler SNMP Request Failure. Error Message=Request timed out.I keep getting daily alarms for all different switches in my network. I've been through and removed any old SNMPv2 configuration and I've added only SNMPv3. I can co...
Resolved! Multiple emails for single user
Hello, I am setting up a Duo environment for our users. All of our users have 2 email addresses, formatted as follows: username@123.com and username@abc.com. Our on-prem Exchange is set up to give every account both emails as an alias for the same ac...
| User | Helpful Count |
|---|---|
| 114 | |
| 25 | |
| 22 | |
| 11 | |
| 9 |
