About dcanady55

dcanady55 · 11-17-2025

Hello,Issue:I have a NAT rule configured to translate the destination IP and port while keeping the source IP unchanged. The rule references an object group containing about 25 objects. Initially, NAT worked fine.One object in the group went offline,...

dcanady55 · 10-23-2025

Hello,FTD 2110s 7.4.2.4I'm looking for suggestions on two topics. 1. What's the best way to help prevent Dos attacks to the FTD itself. Is flex config the only way and does anyone have a proven config. for that they could share?2. What upstream servi...

dcanady55 · 04-29-2025

Hello,FTD's 2110 running 7.4.2.1 in HA. and ultimately trying to setup a site-to-site vpn between this FTD pair and anther FTD pair at our other datacenter. However, right now I'm just trying to route plain old internet traffic out of my second outsi...

dcanady55 · 03-14-2025

Hello,FTD's 2110 running 7.4.2. Under intrusion events dashboard some of my top attackers are my DC's that run DHCP and DNS. I'm trying to understand why Cisco is classifying what looks like normal DNS traffic as a port scan saying the client was usi...

dcanady55 · 03-10-2025

Hello,We have a pair of 2110 FTDs running version 7.4.2.1 in HA mode, currently connected to a dedicated fiber internet connection at datacenter A. I'm considering adding a cheaper secondary internet connection to set up a site-to-site VPN between da...

dcanady55 · 10-27-2025

Thanks for your input!

dcanady55 · 04-29-2025

@Rob Ingram thanks for the response and will try the PBR. I'm not following the NAT example in the article but will play around with it and see what I can come up with. I eventually will need the FTD to track the main route out to the Internet and if...

dcanady55 · 03-12-2025

Thanks for the response, Balaji.

dcanady55 · 01-03-2025

Hello,Running 7.4.2.1 on 2110.I don't have any thresholds setup for elephant flows because that feature is not available for 2110s. I thought Trust does not use snort as that's what the guide says.

dcanady55 · 12-31-2024

Thanks for the additional information! I was able to simulate the traffic and confirmed it was being blocked. Initially, I was looking for Syslog ID 430003, but it turns out the logs were under 430002.Why wouldn’t packet tracer show that this would b...

Member Since	‎10-10-2013 06:13 AM
Date Last Visited	‎11-17-2025 06:20 AM
Posts	223
Total Helpful Votes Received	52

User Statistics

User Activity

FTD NAT Failure

DoS To FTD

FTD with multiple Outside Interfaces

Client using an unusual port

Backup Internet Design Using FTDs

Re: DoS To FTD

Re: FTD with multiple Outside Interfaces

Re: Backup Internet Design Using FTDs

Re: Microsoft Teams Call ACP Question

Re: FTD Geolocation Question