Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
My organization is ingesting third-party intelligence feeds into our FMC via STIX/TAXII. A default action of block is not supported for this delivery method. Because ours is a sparsely staffed team who fills many widely ranging IT roles, and the feed...
New Firewall installed, a FTD 1150 managed by FDM.My understanding from reading documentation online was that FTD appliances do not do NAT out of the box. This was true for a couple other FTD appliances we installed for other customers in the past, b...
We have an IPsec s2s tunnel between two FTD units (one physical, one virtual). When you do show cry ipsec sa peer X.X.X.X, there's a part in the output that shows you the IPsec overhead. But it shows two values and that's what is confusing me. See be...
When configuring a remote server destination for syslog messages on Firepower chassis manager (or any UCS-like chassis for that matter), is it possible to send to another port other than 514? For example, UDP 5145 or something similar?
I believe I have found the answer to my own question.In FMC if you go to Integration>Sources and then click on the + in the upper right corner, it brings up the Add Source window.If you change Delivery to Upload, Type to Flat File, the action drop-do...
Hi,Thanks, but I already knew you can't change the default action for STIX/TAXII sources. Which is why I posted this thread. I'm asking if there is any way to bulk edit them instead of having to do them all individually. OR will ingesting them with a...
I disabled the rule. ACLs are incrementing hits now. Waiting on the customer to test. I will accept your solution once I get confirmation that all is working.Strangely, show xlate still shows all of the overloaded connections. My guess is that in tim...
Right, we definitely have routing in place all the way through to the Internet and back. Connectivity in terms of their inside resources getting out works fine. The WAN connection to this customer is not new and was not altered, it worked before a fi...
