<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic CIS Controls created a few latent issues with various firewalls in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/cis-controls-created-a-few-latent-issues-with-various-firewalls/m-p/4417026#M1081478</link>
    <description>&lt;P&gt;I'm sure you all are familiar with the CIS controls. We've had a couple issues tied with (I think) one of the changes, and one we can't get resolved. I believe the issue comes from "password encryption aes." We initially deployed the changes to 3 firewalls. The first issue was with a firewall (I'd have to dig through notes to get the type and firmware) that couldn't re-establish a site-to-site VPN after two weeks. I put the key back in, and it worked for a couple weeks and failed again. That firewall was the only one of the three to have issues, so I upgraded the firmware, and it's been fine since.&lt;/P&gt;&lt;P&gt;We later deployed the changes to 12 other firewalls. 3 of these can no longer be managed by SNMPv3. I've removed and pasted the configuration back into these 3, and I can't bring them up. I've reconfigured our NMS. I'm at a loss. There are two different firewall types between these 3 running two different versions of firmware (9.1(7) and 9.14(2)). The other 9 are running identical configurations with some of the same versions of firmware. I created a template on our NMS to make configuration easier, and I've tried to manually enter the parameters, and this still doesn't work.&lt;/P&gt;&lt;P&gt;Any thoughts or similar experiences?&lt;/P&gt;</description>
    <pubDate>Fri, 11 Jun 2021 20:00:26 GMT</pubDate>
    <dc:creator>ABaker94985</dc:creator>
    <dc:date>2021-06-11T20:00:26Z</dc:date>
    <item>
      <title>CIS Controls created a few latent issues with various firewalls</title>
      <link>https://community.cisco.com/t5/network-security/cis-controls-created-a-few-latent-issues-with-various-firewalls/m-p/4417026#M1081478</link>
      <description>&lt;P&gt;I'm sure you all are familiar with the CIS controls. We've had a couple issues tied with (I think) one of the changes, and one we can't get resolved. I believe the issue comes from "password encryption aes." We initially deployed the changes to 3 firewalls. The first issue was with a firewall (I'd have to dig through notes to get the type and firmware) that couldn't re-establish a site-to-site VPN after two weeks. I put the key back in, and it worked for a couple weeks and failed again. That firewall was the only one of the three to have issues, so I upgraded the firmware, and it's been fine since.&lt;/P&gt;&lt;P&gt;We later deployed the changes to 12 other firewalls. 3 of these can no longer be managed by SNMPv3. I've removed and pasted the configuration back into these 3, and I can't bring them up. I've reconfigured our NMS. I'm at a loss. There are two different firewall types between these 3 running two different versions of firmware (9.1(7) and 9.14(2)). The other 9 are running identical configurations with some of the same versions of firmware. I created a template on our NMS to make configuration easier, and I've tried to manually enter the parameters, and this still doesn't work.&lt;/P&gt;&lt;P&gt;Any thoughts or similar experiences?&lt;/P&gt;</description>
      <pubDate>Fri, 11 Jun 2021 20:00:26 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/cis-controls-created-a-few-latent-issues-with-various-firewalls/m-p/4417026#M1081478</guid>
      <dc:creator>ABaker94985</dc:creator>
      <dc:date>2021-06-11T20:00:26Z</dc:date>
    </item>
  </channel>
</rss>

