Hi All, I'm seeing tons of %FTD-4-419002: Duplicate TCP SYN from Inside:x.x.x.x/36769 to OUTSIDE:y.y.y.y/80 with different initial sequence number on multiple FTDs where the source IP x.x.x.x is ThousandEyes Enterprise agents' IPs. I've found this doc ...
Hi All, First of all, apologies in advance if this is an obvious question, however, I'm a bit confused how to configure syslogs for FMC managed FTDs. FMC is 7.6.2.1 and FTDs are a mixture of 7.6.1.1 and 7.4.3, but in this specific case FTD2k running 7.4....
Hi All, I've asked a question a few days ago on this 4 year old post but unsurprisingly haven't had any response so starting a new post. We had a requirement to allow wildcard access to a remote SQL server over tcp/1433, as the host portion of the des...
Hi team, I'm having trouble with Cert based authentication for RAVPN to work on FTD (FPR2140) managed by FMC, both running version 7.4.2.3. We've been using Microsoft NPS with Azure connector as a RADIUS server for MFA, but as our NPS servers would be ...
Hi All, We have 2 x 1Gbps Direct Connect between AWS and HA pair of FPR2140 (FMC managed) running FTD ver.7.4.2.1, BGP and ECMP to load balance the traffic. There are L2 switch in between them to split the single circuit to 2 firewalls. AWS's default k...
TAC has confirmed that only GLOBAL is supported, here's their response: On Cisco Secure Firewall Threat Defense (FTD), tcp-state-bypass is only fully effective when applied as a GLOBAL service policy. Although the CLI allows attaching the policy to a s...
That's what I've done, the problem is while tcp-state-bypass works when using GLOBAL, when you select specific interface/zone it stops working. So my question was whether the GLOBAL is the only option supported. After having a better look, I do see s...
Yeah, I've seen this one which is aimed at older FMC version, I think 6.2 or older. With our version, the suggested config receives "Unsupported CLI" error, and the only way to add a tcp-state-bypass is via the Threat Defence Service Policy which can ...