Posts

FTD Port-channel troubleshoot

Useful commands for troubleshooting a port-channel on FTD:

  # show fault
      Display fault information.
  # connect fxos
      Connect to the FXOS command shell (4100/9300).
  (fxos) # show interface ethernet X/Y
      View Ethernet interface status.
  (fxos) # show port-channel summary
      Display summarised information about configured port-channels.
  (fxos) # show lacp counters interface port-channel X
      Display LACP traffic statistics for a particular port-channel.
  (fxos) # show lacp interface ethernet X/Y
      Display LACP information for the Ethernet interfaces.
  (fxos) # show lacp internal event-history interface ethernet X/Y
      Display internal LACP events for the specified Ethernet interface.

FTD CLUSTER BUG

FTD version 7.2.5, when trying to create a cluster (FTD CLI):

  sec-dcfw-01#
  Detected Cluster Master. Beginning configuration replication from Master.
  ..
  Cryptochecksum (changed): 2f2f9cae ea5dbc33 a1eb4bda 3379b6fb
  End configuration replication from Master.
  Unit is kicked out from cluster because of interface health check failure.
  Cluster disable is performing cleanup..done.
  All data interfaces have been shutdown due to clustering being disabled. To recover either enable clustering or remove cluster group configuration.

Searching the error I found the bug https://bst.cisco.com/quickview/bug/CSCus54932. After upgrading to 7.4.2 (currently recommended), the cluster was built as expected.

FTD error on FMC "Resource utilization is high"

First check the FTD memory:

  > show memory
  Free memory:        8373597176 bytes (81%)
  Used memory:        1992966480 bytes (19%)
  -------------     ------------------
  Total memory:      10366563656 bytes (100%)

Log in as expert and check top, to see what is utilizing the memory:

  > expert
  FW01:~$ sudo su
  We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
      #1) Respect the privacy of others.
      #2) Think before you type.
      #3) With great power comes great responsibility.
  Password:
  FW01:/ngfw/Volume/home/g.mama# top
  top - 13:20:04 up 338 days,  3:20,  1 user,  load average: 2.67, 2.40, 2.36
  Tasks: 182 total,   1 runn

Solarwinds Interface monitoring

Be aware that if you have asymmetric download and upload speeds from your ISP and add the device to SolarWinds, you have to set the interface bandwidth manually, because by default SolarWinds "reads" the configured value, even if the interface is configured with both a transmit bandwidth and a receive bandwidth.

Useful Windows Commands

Try this first:

1. Press the "Windows key" and start typing "command prompt" on the start screen.
2. "Command Prompt" will appear in the list; right-click on it.
3. Click "Run as administrator"; if you get a UAC prompt, click "Yes".
4. Now type the command "netsh winsock reset" and press "Enter".

Check the 802.1x logs of the supplicant:

On the client side, go to Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational for wireless issues. For wired network access issues, go to ..\Wired-AutoConfig/Operational.

https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/802-1x-authentication-issues-troubleshooting
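The same supplicant log check done from PowerShell, as an added example that is not part of the original post: it pulls recent errors and warnings from the WLAN-AutoConfig and Wired-AutoConfig operational logs named above. The Level codes (2 = Error, 3 = Warning), the 24-hour window and an elevated session are assumptions.

```powershell
# Added example (not from the original post): list recent 802.1X supplicant
# errors/warnings from the Windows operational logs referenced above.
# Assumes an elevated PowerShell session; the window defaults to 24 hours.
param(
    [int]$Hours = 24
)

# Log names correspond to the Event Viewer paths given in the post.
$logs = @{
    Wireless = 'Microsoft-Windows-WLAN-AutoConfig/Operational'
    Wired    = 'Microsoft-Windows-Wired-AutoConfig/Operational'
}

$since = (Get-Date).AddHours(-$Hours)

foreach ($name in $logs.Keys) {
    $logName = $logs[$name]
    Write-Host "== $name supplicant log ($logName), errors/warnings since $since =="
    try {
        # Level 2 = Error, 3 = Warning. Get-WinEvent raises "No events were found"
        # when nothing matches; -ErrorAction Stop routes that into the catch block.
        $events = Get-WinEvent -FilterHashtable @{
            LogName   = $logName
            Level     = 2, 3
            StartTime = $since
        } -ErrorAction Stop
    }
    catch {
        Write-Host "  no matching events (or this log is not present on the client)"
        continue
    }

    # Show the first line of each message so the table stays readable.
    $events |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize
}
```

Run it as a script (for example `.\Get-Dot1xEvents.ps1 -Hours 48`) on the client that failed authentication; the event IDs and messages it lists are the ones to match against the Microsoft troubleshooting article linked above.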

Control plane ACLs cisco FTD

On a Cisco FTD firewall, traffic destined to the firewall itself (control plane traffic, e.g. remote access VPN) cannot be blocked by the Access Control Policy, even if you do not bypass the ACLs. Geolocation-based blocking of this traffic is not supported: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs65322?rfs=iqvred

The solution with a control plane ACL is well documented in the link below: https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221457-configure-control-plane-access-control-p.html#toc-hId-689510534

ISE Loggings are missing

ISE logs are missing when the secondary node is changed to primary for monitoring, i.e. the roles become:

  ISE01 -- PRI(A), SEC(M)
  ISE02 -- SEC(A), PRI(M)

To resolve this, go to Administration - System - Logging - Log Settings and disable ISE Messaging Settings.