About andre.baumgarten

andre.baumgarten · 01-31-2025

Hello Community, i was struggle with a challenge long time and now finally have a solution, which i want to share with you. The challenge: Trustsec Domain is broken through VPNs over FirePower FTD between two DNA Fabrics.Find below the traffic flow:...

andre.baumgarten · 01-30-2025

Hello Community, i want to build a Hub-Spoke Topology with dynamic VTIs. The final design is using BGP which is working perfectly. For testing i wanted to set a static route from HUB (with dyn vti) to Spoke. But i cannot select the dyn VTIinterface i...

andre.baumgarten · 01-15-2025

I had issues with ERSPAN in my lab, too. The trick at my lab was, that the ERSPAN interface of FlowSensor and the Mgt Interface if FlowSenor must be in seperate VLANs! Check that

andre.baumgarten · 01-15-2025

I had the snort-blacklist issue several time. In my case it was always related to SSL Offloading. So please try to: 1.Try Deactivate EVE in ACP 2.Try deactivate "Early application detection and URL categorization" in ACP 3. Try deactivate SSL Policy,...

andre.baumgarten · 01-15-2025

Hello, 1. I also tried the Umbrella Integration, works good... but it seems that reverse DNS was not working so we went back to VAs. We have Brances asking VAs in central Hub sites at the moment. But Umbrella FTD integration is made for exactly that....

andre.baumgarten · 01-15-2025

did you enable promiscous mode on the vSwitches? i my lab everything is dead on VMs without enabling it in vSwitch. Also enable "MAC changes"

andre.baumgarten · 01-15-2025

Hello, i have this setup at my customer. And yes secondary FMC also update IP-to-SGT mappins on FTDs, as all FTDs have always 2 sftunnels open. One to primary and one to secondary FMC. So both FMCs are some kind of always active, you only enable the ...

Member Since	‎12-03-2007 02:55 AM
Date Last Visited	‎03-18-2025 02:34 AM
Posts	18
Total Helpful Votes Received	19

User Statistics

User Activity

Enforce egress SGT over PxGrid with PBR Cisco Firepower

Static route throug dynamic vti

Re: Flow Sensor - ERSPAN

Re: ftd snort is blacklisting download traffic

Re: Configure Cisco Umbrella in a remote office

Re: FTDv cannot connect - new installation

Re: Integrate FMC HA with ISE pxGrid