With using only FDM to manage an NGFW FTD device, has anyone been able to configure AS_PATH Prepending via the neighbor route-map policy? I can configure this in the LINA Config tool (config t under system support diagnostic-cli), but as many are aware...
Route-Based (VTI) VPN with AWS in Active/Standby Firewalls: One thing I've learned about compatibility, even with standards, is that between-brand documentation is almost always an afterthought. So, I've written this post in the hopes to help others ...
So, this is an old issue I brought up roughly two years ago, and I still don't see an end in sight. DHCP configuration limitations inside the NGFW through FDM are still lame. The lack of these two crucial features to me is debilitating. Cannot configur...
This week I ran into an issue that seems rather unexplained, but I felt I should mention it to help others, especially during this awkward time with being many potential targets of the current rampage of cyberattacks during the Ukraine attack. I use C...
Question: What's the fastest way to determine which sensor reports an observation or alert in Stealthwatch? Challenge: I have multiple sites with Cisco FTD firewalls, managed by CDO. I also have several ONA sensors deployed throughout a global network...
To manage routing across redundant Site-to-Site VPN tunnels to AWS over VPN (using VTI interfaces on an FTD firewall), it's not intuitive. It’s buried deeply under a false flag of “filtering”. First, to build the route-map in Advanced Configuration → S...
Have you been able to verify on the remote end neighbors/peers that the AS_Paths are indeed prepended? The Cisco documentation does not indicate this to be the case. I will admit, if this is the way they have allowed this to happen, Cisco certainly d...
Good call on this. However, I should have been clear that this should be configured on a per-neighbor (peer) basis vs. per ASN. Yes, you can configure AS_Path prepending in the FlexConfig, but that works only if you're using multiple routers, one for e...
"router BGP ASN" is black-listed in FlexConfig, so you couldn't apply the neighbor x.x.x.x route-map name out command there. I have no clue why it's black-listed. Very frustrating.
How does all this apply to PAT? The FTD device will let you configure only one (1) PAT per source network. How can you duplicate that to another interface as a backup? Actually, I may have figured that out. Add a new Manual-NAT, but set it to Dynamic.