About bmurphree@myemma.com

bmurphree@myemma.com · 05-21-2024

With using only FDM to manage a NGFW FTD device, has anyone been able to configure AS_PATH Prepending via the neighbor route-map policy?I can configure this in the LINA Config tool (config t under system support diagnostic-cli), but as many are aware...

bmurphree@myemma.com · 08-24-2023

Route-Based (VTI) VPN with AWS in Active/Standby FirewallsOne thing I've learned about compatibility, even with standards, is that, between-brand documentation is almost always an after-thought. So, I've written this post in the hopes to help others ...

bmurphree@myemma.com · 03-29-2022

So, this is an old issue I brought up roughly two years ago, and I still don't see an end in sight.DHCP configuration limitations inside the NGFW through FDM are still lame. The lack of these two crucial features to me is debilitating.Cannot configur...

bmurphree@myemma.com · 03-18-2022

This week I ran into an issue that seems rather unexplained, but I felt I should mention it to help others, especially during this awkward time with being many potential targets of the current rampage of cyberattacks during the Ukraine attack.I use C...

bmurphree@myemma.com · 03-03-2022

Question: What's the fastest way to determine which sensor reports an observation or alert in Stealthwatch?Challenge: I have multiple sites with Cisco FTD firewalls, managed by CDO. I also have several ONA sensors deployed throughout a global network...

bmurphree@myemma.com · 05-24-2024

To manage routing across redundant Site-to-Site VPN tunnels to AWS over VPN (using VTI interfaces on an FTD firewall, it's not intuitive. It’s buried deeply under a false flag of “filtering”.First, to build the route-map in Advanced Configuration → S...

bmurphree@myemma.com · 10-06-2023

Have you been able to verify on the remote end neighbors/peers that the AS_Paths are indeed prepended? The Cisco documentation does not indicate this to be the case. I will admit, if this is the way they have allowed this to happen, Cisco certainly d...

bmurphree@myemma.com · 10-06-2023

Good call on this. However, I should have been clear in this should be configured on a per-neighbor (peer) basis vs. per ASN. Yes, you can configure AS_Path prepending in the FlexConfig, but that works only if you're using multiple routers, one for e...

bmurphree@myemma.com · 08-16-2023

"router BGP ASN" is black-listed in FlexConfig, so you couldn't apply the neighbor x.x.x.x route-map name out command there. I have no clue why it's black-listed. Very frustrating.

bmurphree@myemma.com · 06-14-2022

How does all this apply to PAT? The FTD device will let you configure only one (1) PAT per source network. How can you duplicate that to another interface as a backup?Actually, I may have figured that out. Add a new Manual-NAT, but set it to Dynamic.

Member Since	‎07-31-2018 03:44 PM
Date Last Visited	‎05-28-2024 01:05 AM
Posts	54
Total Helpful Votes Received	68

User Statistics

User Activity

FDM - BGP Per Neighbor AS_PATH Prepending

VTI Route-based VPN with AWS

Renewing DHCP Discussion on FDM

CDO "connection-events" in SWC Sensor Stopped / Down

Stealthwatch (Security Analytics) Sensor Question

Re: FDM - BGP Per Neighbor AS_PATH Prepending

Re: VTI Route-based VPN with AWS

Re: VTI Route-based VPN with AWS

Re: Firepower BGP Route Manipulation

Re: FTD with FDM Dual ISP Failover