About atsukane

atsukane · 11-07-2025

Hi All,I've asked a question a few days ago on this 4 year old post but unsurprisingly haven't had any response so starting a new post. We had a requirement to allow wildcard access to a remote SQL server over tcp/1433, as the host portion of the des...

atsukane · 09-04-2025

Hi team,I'm having trouble with Cert based authentication for RAVPN to work on FTD (FPR2140) managed by FMC, both running version 7.4.2.3.We've been using Microsoft NPS with Azure connector as a RADIUS server for MFA, but as our NPS servers would be ...

atsukane · 06-06-2025

Hi All,We have 2 x 1Gbps Direct Connect between AWS and HA pair of FPR2140 (FMC managed) running FTD ver.7.4.2.1, BGP and ECMP to load balance the traffic. There are L2 switch in between them to split the single circuit to 2 firewalls.AWS's default k...

atsukane · 04-16-2025

Hi team,Question around how to verify whether SI is actually dropping intended traffic.My understanding is that SI is processed BEFORE ACP is evaluated.When I run packet tracer against an IP that's included in one of the lists/feeds in /var/sf/iprep_...

atsukane · 04-02-2025

Hi All, We are running Agent-to-Agent tests between offices and DC, and seeing loss on the pass visualisation where next hop is firewall. Firewall is FMC managed Cisco FTD running 7.4.2.1-30.I'm allowing tcp49153 that is required for agent-to-agent...

atsukane · 11-05-2025

I know this is a 4 year old thread, but thanks @Alex-Pr We had a requirement to allow wildcard access to a remote SQL server over tcp/1433, with the host portion of destination URL can dynamically change.I've tested with 2 rules, one using a wildcard...

atsukane · 10-29-2025

Thanks @gtomich I'll take a look at the links you kindly shared. Our support/contract is not direct with Cisco and through a Cisco partner, can we still migrate to a CXAgent/CXCloud?

atsukane · 10-20-2025

Has there been any update with this? I see that this post is from 2023 but I'm having the same issue here in 2025.

atsukane · 09-11-2025

Update as I noticed that Zscaler is now hosting the Zscaler Aggregate IP Address Ranges and Zscaler Hub IP address ranges in plain text format. I've exported the certificate as base 64 chain in PEM format, then imported them in to Generic Text connec...

atsukane · 09-05-2025

Thanks for your response.We don't use DTLS nor SSL for RAVPN, and IPSec only. In this situation do I still use "debug webvpn"?Also, "debug crypt ca" don't have 255? > debug crypto ca 1-14 Specify an optional debug level (default is 1) (1..14) cluster...

Member Since	‎05-03-2016 04:05 AM
Date Last Visited	‎11-19-2025 04:16 AM
Posts	213
Total Helpful Votes Received	90

User Statistics

User Activity

FMC/FTD - Wildcard URL objects and use of the leading dot

FMC managed FTD Remote Access VPN Certificate Based Authentication

BGP ECMP and BFD between onprem to AWS

Verify FMC/FTD SI rule is working

Agent-to-Agent test behind firewall

Re: Wildcard domain matching on the FTD

Re: CSPC-server does not renew software version of managed device afte

Re: CSPC-server does not renew software version of managed device afte

Re: Questions around Dynamic Attributes Connector - FMC integrated

Re: FMC managed FTD Remote Access VPN Certificate Based Authentication