About dcanady55

dcanady55 · 03-14-2025

Hello,FTD's 2110 running 7.4.2. Under intrusion events dashboard some of my top attackers are my DC's that run DHCP and DNS. I'm trying to understand why Cisco is classifying what looks like normal DNS traffic as a port scan saying the client was usi...

dcanady55 · 03-10-2025

Hello,We have a pair of 2110 FTDs running version 7.4.2.1 in HA mode, currently connected to a dedicated fiber internet connection at datacenter A. I'm considering adding a cheaper secondary internet connection to set up a site-to-site VPN between da...

dcanady55 · 01-16-2025

Hello,Currently have 2110s running 7.4.2 and I've been playing around with EVE which brought me to the conversation about QUIC. I wanted to get a feel for what others are doing with QUIC and if most are allowing this or blocking it all together.Thank...

dcanady55 · 01-02-2025

Hello,We are currently using Cisco 2110s, and it appears that Cisco still does not allow us to remediate elephant flows in the advanced section. The only way to reduce the impact seems to be by setting up a trust rule for specific traffic. Upon analy...

dcanady55 · 12-30-2024

FTD 2110 on 7.4 Geolocation 2024-12-14-066I have an Access Control Policy (ACP) rule configured to block access from our internal network to several foreign countries using Cisco’s Geolocation feature. However, I’m still observing traffic to these bl...

dcanady55 · 03-12-2025

Thanks for the response, Balaji.

dcanady55 · 01-03-2025

Hello,Running 7.4.2.1 on 2110.I don't have any thresholds setup for elephant flows because that feature is not available for 2110s. I thought Trust does not use snort as that's what the guide says.

dcanady55 · 12-31-2024

Thanks for the additional information! I was able to simulate the traffic and confirmed it was being blocked. Initially, I was looking for Syslog ID 430003, but it turns out the logs were under 430002.Why wouldn’t packet tracer show that this would b...

dcanady55 · 12-31-2024

Hey Rob,Thanks for the additional information! I was able to simulate the traffic and confirmed it was being blocked. Initially, I was looking for Syslog ID 430003, but it turns out the logs were under 430002.Why wouldn’t packet tracer show that this...

dcanady55 · 11-14-2024

Aref,I tried both approaches while searching for a specific destination IP and port, but neither worked. As I mentioned in my original post, I used the support trace, which indicated the rule I thought was being applied. However, when I checked my sy...

Member Since	‎10-10-2013 06:13 AM
Date Last Visited	‎03-18-2025 02:34 AM
Posts	218
Total Helpful Votes Received	50

User Statistics

User Activity

Client using an unusual port

Backup Internet Design Using FTDs

QUIC Usage

Microsoft Teams Call ACP Question

FTD Geolocation Question

Re: Backup Internet Design Using FTDs

Re: Microsoft Teams Call ACP Question

Re: FTD Geolocation Question

Re: FTD Geolocation Question

Re: FTD Missing Logs