Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Troubleshooting an access error with System Support Firewall-engine-debug and the traffic is hitting an allow rule but says "Pending Rule Order XXX" but never allows the traffic. Can someone explain what this is and how to fix it?
Trying to use packet-tracer to determine the direct rule a packet is being allowed but the output only lists what appears to be a dynamic ACL created on the FTD. How can I get the exact rule that is allowing the traffic? ex.packet-tracer input outsid...
We are looking at the possibility of implementing Captive Portal to authenticate internal users to resources behind an internal firewall running FTD 7.2.4 code and was wondering if anyone has any experience with this and the stability you have seen w...
We are trying to enable SSH access via Platform Settings which is being pushed to 6.6.4 FTD and we are able to login with local accounts but not external accounts. We have an LDAP External Authentication Object defined and use an LDAP base filter to ...
What is Cisco's recommended process to backup virtual ftdv devices. Guess I'm looking at just network configurations and routing table. Just enough info we can use the quickly redeploy the device again and add back to FMC and reassign policies.
I guess in closing, packet-tracer is a good troubleshooting tool to determine whether the packet is allowed or not but if it is allowed and you want to determine actual rule @Rob Ingram solution works perfectly. Thanks all for the help and guidance o...
@MHM Cisco World There is not rule in the pre-filter that would allow this traffic. I think output just says that prefilter was assigned but not necessarily used. Rob's advice worked perfectly if you ever need this info.
@Rob Ingram That worked perfectly after I left out the source port. I attended a session last year @ Ciscolive that went over this debug command. Forgot all about it. Thanks for the help here!!
