See screen shot.
Documentation doesn't say what is the meaning of a Device cert with the status of "identity certificate not applicable".
Anyone knows?
Thank you.
It's probably a stupid question..
In FMC, when creating route-based S2S VPN (thus using static VTI), why is full mesh grayed out? Could it be done if all the devices participating in the full-mesh VPN were managed by FMC?
Thanks.
On FTD, with TLS decryption enabled, "the managed device caches server certificate data, which allows faster handshake processing in subsequent sessions that use the same certificate" (https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/ma...
The documentation mentions "When the disposition changes for a file you queried in the last week, the AMP cloud notifies the system." How is FMC being made aware of this change?
1. Does the FMC pull periodically the cloud for disposition updates fo...
I came across a configuration guide which mentions, in the Intrusion Policies chapter, GID 2 as "Tagged Packets. (Rules for the Tag generator, which generates packets from a tagged session.)"
https://www.cisco.com/c/en/us/td/docs/security/firepow...
@Rob Ingram Thanks Rob: got it. The screen shot is looking at the CA Root cert installed on NGFW1 and not at NGFW1's own identity cert. My bad to not have caught that before. Thanks again for your reply.
Thanks Rob. So, I guess that it could be done, but it won't be done... similar to why DMVPN is only available on routers and not on Firewall? Probably a question of sales, leave some features exclusive to routers. Thanks for the prompt and concise r...
Thanks Sheraz for your thorough answer.
Does anyone know how to get Cisco (the firewall Business Unit I guess) to amend the FTD documentation by either adding the command (if such command exists) or by removing the phrase in the doc that says that a command...
MHM are you sure of your answer? Here is why I have doubts about its validity:
1. FTD has many types of tags, not just SGT. FTD uses tags for tunneled traffic - configured in prefilters. FTD uses tags for applications - configured in ACP > Applications. ...
@MHM Cisco World : Rob is not confused. He understands perfectly my original question, which is: how can we throttle the traffic generated by FTD itself. This is considered traffic 'to/from' the firewall, and not traffic through the firewall.