About cpaquet

cpaquet · 07-25-2024

It's probably a stupid question.. In FMC, when creating route-based S2S VPN (thus using static VTI), why is full mesh is grayed out? Could it be done if all the devices participating in the full-mesh VPN were managed by FMC? Thanks.

cpaquet · 07-24-2024

On FTD, with TLS decryption enabled, "the managed device caches server certificate data, which allows faster handshake processing in subsequent sessions that use the same certificate" (https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/ma...

cpaquet · 05-05-2024

The documentation mentions "When the disposition changes for a file you queried in the last week, the AMP cloud notifies the system." How is FMC being made aware of this change? 1. Does the FMC pulls periodically the cloud for disposition updates fo...

cpaquet · 05-05-2024

I came across a configuration guide which mentions, in the Intrusion Policies chapter, GID 2 as " Tagged Packets. (Rules for the Tag generator, which generates packets from a tagged session. )" https://www.cisco.com/c/en/us/td/docs/security/firepow...

cpaquet · 11-29-2023

1. How can the FMC be configured so that managed devices will block files with cloud lookup disposition: Unavailable instead of letting the file go through while it's waiting for AMP Cloud connectivity to resume? 2. How does the firewall treat a file...

cpaquet · 07-25-2024

Thanks Rob. So, I guess that it could be done, but it wont be done... similar to why DMVPN is only available on routers and not on Firewall? probably a question of sales, leave some features exclusive to routers. Thanks for the prompt and concise r...

cpaquet · 07-24-2024

Thanks Sheraz for your thorough answer. Anyone knows how to get Cisco (the firewall Business Unit I guess) amend the FTD documentation by either adding the command (if such command exists) or by removing the phrase in the doc that says that a command...

cpaquet · 05-05-2024

MHM are you sure of your answer? Here why I have doubt on its validity: 1. FTD has many types of tags, not just SGT. FTD uses tags for tunneled traffic - configured in prefilters. FTD uses tags for applications - configured in ACP > Applications. ...

cpaquet · 08-01-2023

@MHM Cisco World : Rob is not confused. He understand perfectly my original question which is: how can we throttling the traffic generated by FTD itself. This is considered traffic 'to/from' the firewall, and not traffic through the firewall.

cpaquet · 08-01-2023

Hi Rob, excellent suggestion to use syslog rate limit, if throttling for FTD 'self-traffic' is not available.

Member Since	‎08-05-2003 04:26 PM
Date Last Visited	‎07-25-2024 05:42 AM
Posts	111
Total Helpful Votes Received	31

User Statistics

User Activity

FMC S2S route-based VPN - full mesh not available

FTD decryption TLS 1.3 - Flushing certificates in cache

AMP cloud notifies FMC of file dispo change

SNORT GID 2: Tagged Packets

How can FTD block file with Cloud lookup disposition: Unavailable?

Re: FMC S2S route-based VPN - full mesh not available

Re: FTD decryption TLS 1.3 - Flushing certificates in cache

Re: SNORT GID 2: Tagged Packets

Re: Rate limiting FTD's own traffic

Re: Rate limiting FTD's own traffic