Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello, We have an FPR-2130 pair (Active - Standby) and I recently see increased ASP Drops (see attached image). It is supposed to be "Flow Denied by access rule, Flow Denied by configured rule".We need to understand better what this is about.How can ...
Hello, We have a pair of FTD2130 behind a pair of routers (border routers for the campus, running BGP). This is Campus A (main campus).The topology is described briefly below:The FTD pair (running v7.2.10.2) is in Active-Standby mode; it serves as Fi...
We have a router connected to our ISP.There are internal private networks like: 10.230.230.0/24, which are NAT'ed over the ISP connection. (See configuration below.)Over the ISP connection we also have two P2P VPN tunnels, providing access to devices...
Hello,I am on FTD2130.I have configured various interfaces with their respective subnets and they are advertised successfully over OSPF.I want to advertise over OSPF a subnet which includes public addresses to be used as NAT gateways (for various pri...
Hello, Can you please clarify whether AIR-AP1832I-E-K9 access points are compatible with Catalyst 9800-L wireless controllers? At https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html Table 4 we can see compati...
Thank you for your prompt reply; I have been able to get data. I see large numbers of flows from the same IP Address (obfuscated below as abc.def.ghi.jkl because it's public) like: ...416: 13:33:23.149238 802.1Q vlan#40 P0 abc.def.ghi.jkl.60463 > 255...
Thanks. Yes, I was referring to the incoming traffic. I understand that it does not make a lot of sense to inspect outgoing traffic so thoroughly in the first place. It's the incoming traffic that is mainly causing risks.
Thank you for the hint. So, for SSL Inspection do we need to provide to FPR2130s the private key of each and every SSL Certificate of the hosted domains to be inspected?
Thank you very much for the quite enlightening details you have provided. We can now examine our options much better. If I need some more clarifications, I will request your feedback again. I appreciate your kind assistance. Best regards,Nick
The remote devices physically are geographically distributed (over the whole country) metering stations (of various types) with mobile network (4G) connectivity via a SIM card. They are assigned a private IP on a dedicated private subnet (10.254.90.0...
