Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a customer who has a single FMCv that is managing 4 x FTD 4115 appliances. The customer is using the FTD 4k's as follows:
1 HA pair for Firewall functionality only with Threat so config includes:- Interfaces, Static Routes, Objects, ACLs, NAT ...
How do I configure SSH sessions to TIMEOUT after 5 minutes on FTD 1K devices, I know you can set console timeout under platform policy, but what about SSH session? Is the console timeout the same thing or do I have to do this somewhere else - for exa...
We have a situation where:
1) Customer is replacing their Headend Firewall / VPN device (SonicWall); with FTD 1000 using FTD.2) They have several Dynamic S2S VPNs on Draytek routers.3) In testing we found out that the Headend FTD when using dynamic S...
Is there any simple way to determine the average packet size of IP packets or Ethernet frames that are traversing interfaces on an ASA running FTD code, I know we have the packet capture tool and could probably obtain a smallish snapshot of traffic a...
I do quite a few ASA to FTD migrations and many customers want a "Big Bang" approach. I am familiar with all the Migration tools that Cisco offer but they do have their limitations. The limitation for me is that I have a customer who has 200 static r...
Thank you for your response Marvin - I have a question? Rather than take the old one offline; as the old one is stand alone, would it be possible to make the new one the old ones "HA mate", complete the sync up etc, then switch-peers so the new Hyper...
I can get the debugs posted as I have replicated the issue in a lab environment with FTDv and a real Draytek of the same model. The issue seems to be with the Draytek rather than the FTD when it comes to using RSA sigs; so we are waiting for them to ...
BEST POST EVER MATE - I have been trying 3-4 days to get 2 FTDs to use RSA Sigs for a S2S VPN and your post fixed it, TOP MAN !!! Thanks so much, its been driving me mad.
I totally agree I have customer with the same problem and they do use IPS and AMP. 1 cpu is 90% the other 3 are less than 20. This seems a non optimal setup especially with the advent of SASE. Having said that the ASA55x are being phased out I guess ...
