Outside to DMZ Cisco FTD RPF Check Drop

As network engineers, we use packet-tracer on both ASA and FTD systems. There are times when we need to run packet-tracer to verify the NAT configuration. If you see errors related to RPF (Reverse Path Forwarding), try using the public IPs instead of the private IP addresses. In the example below, the destination IP is the NAT-assigned public IP.

packet-tracer input outside tcp source_public_ip ssh nat_public_ip ssh

If you are not comfortable with packet-tracer, you can refer to the guide
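As an added example (not from this post), a small Python helper that walks packet-tracer output phase by phase, reports the phase where the trace stopped, and flags an RPF drop so you know to re-run the trace with the NAT public IP. The sample output is constructed to mirror the usual Phase/Type/Result layout and the rpf-violated drop reason; the exact text on your appliance may differ.

```python
import re

# Constructed sample of ASA/FTD packet-tracer output (not captured from a real
# device); it mirrors the usual Phase/Type/Result layout and the summary block.
SAMPLE_RPF_DROP = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW

Phase: 2
Type: RPF-CHECK
Subtype:
Result: DROP

Result:
input-interface: outside
Action: drop
Drop-reason: (rpf-violated) Reverse-path verify failed
"""

# One match per phase: number, Type, and that phase's own Result line.
PHASE_RE = re.compile(r"^Phase:\s*(\d+)\s*\nType:\s*(\S+).*?\nResult:\s*(\w+)", re.M | re.S)

def parse_phases(output):
    """Return [(phase_number, type, result), ...] in trace order."""
    return [(int(n), t, r) for n, t, r in PHASE_RE.findall(output)]

def drop_reason(output):
    """Return (code, text) from the Drop-reason line, or None when nothing dropped."""
    m = re.search(r"^Drop-reason:\s*\((\S+)\)\s*(.*)$", output, re.M)
    return (m.group(1), m.group(2).strip()) if m else None

def diagnose(output):
    """Say where the trace stopped and, for an RPF drop, what to re-check."""
    phases = parse_phases(output)
    failed = next((p for p in phases if p[2] != "ALLOW"), None)
    reason = drop_reason(output)
    if failed is None and reason is None:
        return {"verdict": "allow", "phase": None, "reason": None, "hint": None}
    hint = None
    if reason and reason[0] == "rpf-violated":
        # Tracing a private (pre-NAT) address from outside trips the RPF check;
        # the post's fix is to repeat the trace with the NAT public IP.
        hint = "re-run packet-tracer with the NAT public IP as the destination"
    return {"verdict": "drop", "phase": failed, "reason": reason, "hint": hint}

if __name__ == "__main__":
    print(diagnose(SAMPLE_RPF_DROP))
```

Paste the real packet-tracer output into `diagnose()` to get the failing phase and reason without reading through every phase by hand.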

How to gracefully shutdown/reboot Cisco FTD

If you need to shut down or reboot the Cisco Firepower Threat Defense (FTD) appliance, there are a few additional steps. Below is the list of steps.

  • SSH directly into the FTD appliance.
  • Issue the connect fxos command to access the FXOS CLI.
  • Enter Chassis mode using scope chassis 1.
  • To reboot the device, issue the command reboot; to shut down the device, issue the command shutdown.

After that, you can simply exit FXOS mode and issue the shutdown or reboot commands.