About Chuck Reimer

Chuck Reimer · 10-16-2024

Troubleshooting an access error with System Support Firewall-engine-debug and the traffic is hitting an allow rule but says "Pending Rule Order XXX" but never allows the traffic. Can someone explain what this is and how to fix it?

Chuck Reimer · 08-08-2024

Is it possible to setup an FTD 2110 cluster that would support VPN and/or Site2Site connections?

Chuck Reimer · 05-16-2024

Trying to use packet-tracer to determine the direct rule a packet is being allowed but the output only lists what appears to be a dynamic ACL created on the FTD. How can I get the exact rule that is allowing the traffic? ex.packet-tracer input outsid...

Chuck Reimer · 02-16-2024

We are looking at the possibility of implementing Captive Portal to authenticate internal users to resources behind an internal firewall running FTD 7.2.4 code and was wondering if anyone has any experience with this and the stability you have seen w...

Chuck Reimer · 11-29-2022

We are trying to enable SSH access via Platform Settings which is being pushed to 6.6.4 FTD and we are able to login with local accounts but not external accounts. We have an LDAP External Authentication Object defined and use an LDAP base filter to ...

Chuck Reimer · 12-18-2024

What is Cisco's recommended process to backup virtual ftdv devices. Guess I'm looking at just network configurations and routing table. Just enough info we can use the quickly redeploy the device again and add back to FMC and reassign policies.

Chuck Reimer · 08-08-2024

Hi @Rob Ingram yes sorry HA not clustering. Thanks for help!

Chuck Reimer · 05-16-2024

I guess in closing, packet-tracer is a good troubleshooting tool to determine whether the packet is allowed or not but if it is allowed and you want to determine actual rule @Rob Ingram solution works perfectly. Thanks all for the help and guidance o...

Chuck Reimer · 05-16-2024

@MHM Cisco World There is not rule in the pre-filter that would allow this traffic. I think output just says that prefilter was assigned but not necessarily used. Rob's advice worked perfectly if you ever need this info.

Chuck Reimer · 05-16-2024

@Rob Ingram That worked perfectly after I left out the source port. I attended a session last year @ Ciscolive that went over this debug command. Forgot all about it. Thanks for the help here!!

Member Since	‎10-28-2022 06:11 AM
Date Last Visited	‎01-20-2025 09:16 AM
Posts	26
Total Helpful Votes Received	5

User Statistics

User Activity

Traffic Being Blocked by Rule in "Pending Rule Order"

Site2site vpn setup on 2110 FTD

Packet-Tracer Output (FTD 7.2.4)

Captive Portal Implementation on Cisco FTD

SSH Access to FTD Inside Interface

Re: Backup solution for FTD instances on Firepower and FTDv

Re: Site2site vpn setup on 2110 FTD

Re: Packet-Tracer Output (FTD 7.2.4)

Re: Packet-Tracer Output (FTD 7.2.4)

Re: Packet-Tracer Output (FTD 7.2.4)