Hi, It seems to me that the Network categories of Security Intelligence, for use in FTD policy, have changed in the last couple of days. There seems to be a huge number of entries in Bots compared to before. The number of entries in Malware seems mu...
Hi, I upgraded FMCv from 6.6.5 to 7.2.4. A few days later, my active-standby HA pair of FTD 6.6.5 devices failed over during resilience testing. FMC gave a health monitor alert about interface changes detected. In the Interface config screen for the H...
Hi, I've noticed when a particular on-prem host downloads a large dataset from AWS S3 using SSL/TLS on tcp 443, my FTD 6.6.5.2 has its LINA CPU spike by 20%-25%. The flow is 800Mbps for several hours. I identified the traffic and fastpathed it using pr...
Hi, We updated our FMC virtual appliance from 6.4.0.9 to 6.6.1. It has the required 32GB RAM and 4 vCPU. Since the update the CPU Usage health test in FMC Health Monitor reports as 'Test Failed'. Has anyone encountered this issue? Regards, PW
I use FMC to monitor a HA pair of 2140s with FTD 6.2.3.3. I sometimes receive alerts for high CPU
e.g.
Health Monitor Alert from XXXX (mgmt ip of 2140 device)
Time: Mon Sep 10 09:23:48 2018 UTC
Severity: critical
Module: CPU Usage
Description: Using ...
Regarding this recent vulnerability to 'brute force attack in an attempt to identify valid username and password combinations', is the ASA brute force vulnerability only related to LOCAL usernames? i.e. if I apply the various workarounds to any LOC...
You could enable IAB in monitor mode and see if that identifies the source/destination the next time your snort process hits 100% CPU. IAB will log a connection event with 'Would Bypass' when triggered.
Yes, I did. The bug seemed to be cosmetic - the interfaces had not changed. TAC had me: 1) From the FTD interface menu, select Sync Device, confirm and Save changes and deploy 2) enter the FMC CLI and use OmniQuery.pl to identify the UUID of the ambe...
Delete VDB 368 from the Updates page. Try to download it again - click the Check for Downloads button on the Updates page. If VDB 368 downloads correctly, either install it manually from the Updates page or schedule a task to install it later. If it...