Agent-to-Agent test behind firewall

atsukane
Level 3

Hi All,

We are running Agent-to-Agent tests between offices and DC, and seeing loss on the path visualisation where the next hop is a firewall. The firewall is an FMC-managed Cisco FTD running 7.4.2.1-30.

I'm allowing TCP 49153, which is required for agent-to-agent communication, and also ICMP on the firewalls at both ends.

For instance, the tests below are between UK and Singapore, and there is 100% forwarding loss at the switch in front of the firewall.

I allowed traceroute on the firewall following the doc below, but in our case, instead of using the inside and outside interfaces, we are using the inside and thousandagent VLAN interfaces. In addition, the platform settings have rate limit and burst size both set to 3; this was done during the POV.

Allow Traceroute through Firepower Threat Defense (FTD) - Cisco

However, this has not resolved the issue and we are still seeing loss.

Any idea how to get around this? 

Alternatively, we could use Agent-to-Server tests between offices instead, which seem to work without showing any loss, but the Agent-to-Agent test seems ideal.

Many thanks,

Accepted Solutions

Tyler Langston
Cisco Employee

Hi @atsukane - great to hear from you!

This is one of those tricky 'middle of the road' kind of community questions: there are definitely some resources to provide but I don't have a specific answer. Our experts were torn between providing general info and asking you to contact support so they could get direct eyes on it. So we're going with a 'middle of the road' kind of answer and provide both.

From our experts:

The three most useful docs for this type of scenario are:

General overview of how the test works
Deep dive of how the test works
Firewall requirements

If these aren't helpful in resolving the issue, please contact Support so they can review in more detail and help get you specific details.

Thank you @Tyler Langston.

We have 5 days' worth of PS time from Cisco, so we can work with them to resolve the issue.

Just wondered if there are people in this community who have faced a similar issue.

Thanks again.

Tyler Langston
Cisco Employee

Thanks @atsukane - if you still need some help after working with PS shoot me a private message!