Hello, Issue: I have a NAT rule configured to translate the destination IP and port while keeping the source IP unchanged. The rule references an object group containing about 25 objects. Initially, NAT worked fine. One object in the group went offline,...
Hello, FTD 2110s 7.4.2.4. I'm looking for suggestions on two topics. 1. What's the best way to help prevent DoS attacks to the FTD itself? Is flex config the only way and does anyone have a proven config for that they could share? 2. What upstream servi...
Hello, FTDs 2110 running 7.4.2.1 in HA, and ultimately trying to set up a site-to-site VPN between this FTD pair and another FTD pair at our other datacenter. However, right now I'm just trying to route plain old internet traffic out of my second outsi...
Hello, FTDs 2110 running 7.4.2. Under intrusion events dashboard some of my top attackers are my DCs that run DHCP and DNS. I'm trying to understand why Cisco is classifying what looks like normal DNS traffic as a port scan saying the client was usi...
Hello, We have a pair of 2110 FTDs running version 7.4.2.1 in HA mode, currently connected to a dedicated fiber internet connection at datacenter A. I'm considering adding a cheaper secondary internet connection to set up a site-to-site VPN between da...
@Rob Ingram thanks for the response and will try the PBR. I'm not following the NAT example in the article but will play around with it and see what I can come up with. I eventually will need the FTD to track the main route out to the Internet and if...
Hello, Running 7.4.2.1 on 2110. I don't have any thresholds set up for elephant flows because that feature is not available for 2110s. I thought Trust does not use snort as that's what the guide says.
Thanks for the additional information! I was able to simulate the traffic and confirmed it was being blocked. Initially, I was looking for Syslog ID 430003, but it turns out the logs were under 430002. Why wouldn't packet tracer show that this would b...