We're looking to deploy a pair of Cisco FTDvs into an Azure vWAN but the advice from Cisco is that you can't deploy site-to-site VPNs from an FTDv when it's deployed in Azure vWAN. Just checking if anyone has any experience of this? I'm having some ...
We've a customer who wants to deploy some vFTDs in AWS with auto scaling, most of this is ok but I'm stuck on how we monitor (ping, SNMP poll / traps & netflow) firewalls which both:
- Allocated IP addresses using DHCP
- Are auto created by scripting, so t...
I've created a VPN successfully from a Cisco FMC managed FTD (v7.4.2.4) to an AWS VPN gateway, but am having issues as the IKEv2 phase 1 SA lifetime doesn't match. The AWS side always uses 28800 and I've configured a policy on the FTD to use 28800 se...
If it helps anyone in the future, what Cisco recommended which fixed this was: - While you assign priorities to an IKEv2 policy, for these to make it into the config they have to be non-overlapping priority numbers. i.e. You can't have 2 priority ...
I agree that I'd always expect fixed IPs on a firewall, but with AWS autoscaling, new firewalls are created dynamically based on traffic load. So you've neither a fixed number nor static IP addresses. With a small company it might be feasible to look...
Thanks, I'd noticed that and it was why I was wondering if there were cloud specific tools / integrations with the AWS console. Often monitoring systems now will SNMP poll a controller and pull down a list of devices and their stats, as asking a NOC...
Thanks for the reply, that does seem an odd way for the standard to be written (negotiating phase 2 lifetime, but not phase 1) but that does seem like the correct way to do things, and was even mentioned so in the IKEv2 RFC. We had configured IKE keepaliv...