About Difan Zhao

Difan Zhao · 09-22-2023

Hi experts,I am using the FTDv to filter traffic between the VPCs. The video I followed is this one - https://www.youtube.com/watch?v=EuXrVc2hpNk&t=14sNow my firewall is receiving the ping packets from the source VPC but it is not forwarding it to th...

Difan Zhao · 09-20-2023

I followed this YouTube video to create the instance. https://www.youtube.com/watch?v=_WfqPZWgM0c&t=1212sI pre-created four interfaces. The mgmt and diag interfaces are in the mgmt subnet that has a default route to IGW. The inside and outside interf...

Difan Zhao · 01-14-2021

Hey gurus,I am trying to remove an entry in an ACL.Extended IP access list Test-Extended 10 permit ip any any 20 deny ip 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255 <- This is the one to remove 30 permit tcp 3.3.3.0 0.0.0.255 4.4.4.0 0.0.0.255I ha...

Difan Zhao · 01-11-2021

Hi gurus,I recently started to learn ansible for network automation. I run into a few questions that I can't find answers with my google skills...1. How to list all the installed modules? "ansible-doc -l" lists everything available ansible offers I t...

Difan Zhao · 01-07-2021

Hi, I am not sure if this is the right place for the question...I followed some link to generate key, then a CSR. Then I went to the MS cert server and obtained a cert (with the webserver template). Then I imported the cert in my router. GIR02-70#sho...

Difan Zhao · 09-21-2023

Ok so I found out that AWS can do a "EC2 serial console" connection to it. Once I got in, I landed in the > prompt. Then I ran the "configure network ipv4 manual 10.1.1.4 255.255.255.240 10.1.1.1" command and now it works.. I didn't do a "show networ...

Difan Zhao · 09-21-2023

Hi Milos, sorry I meant I could connect to the Linux box and from the Linux box, I still can't connect to the FTD with its private IP on the mgmt subnet... I have updated my original post to have more clear wording. Sorry about the confusion... Thank...

Difan Zhao · 02-11-2021

Hey thanks Alex. I actually got it figured out that I could use this to delete an entryDELETE: https://<ip>/restconf/data/Cisco-IOS-XE-native:native/ip/access-list/extended=TEST/access-list-seq-rule=10/ However, I still haven't figured out how to rem...

Difan Zhao · 01-13-2021

So I got answers from the Cisco tech. You must have a valid SAN field in your certificate for browsers to acceptCisco routers have this bug that doesn't generate the SAN correctly https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsk85992thatThe workar...

Difan Zhao · 01-11-2021

Hey thanks MHM, could you send me the link for this, please? SAN should be a very common field. I am surprised to know that it is designed to be used only in the self-signed certs..

Member Since	‎08-16-2007 09:43 AM
Date Last Visited	‎09-27-2023 12:02 AM
Posts	675
Total Helpful Votes Received	44

User Statistics

User Activity

FTDv in AWS with GW LB - how to setup static routes?

Deploy FTDv in AWS - not reachable

How to remove an entry in an ACL with Restconf

Ansible Cisco ios questions

How to specify a certificate to be used by the http secure-server on the IOS router?

Re: Deploy FTDv in AWS - not reachable

Re: Deploy FTDv in AWS - not reachable

Re: How to remove an entry in an ACL with Restconf

Re: How to specify a certificate to be used by the http secure-server on the IOS router?

Re: How to specify a certificate to be used by the http secure-server on the IOS router?