https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194335#M1115766 <P><SPAN>I need help configuring a TFTP server access list to prevent attackers who acquire SNMP write privileges for obtaining device configuration information. </SPAN></P><P><SPAN>I have SNMP access list configured already. So it is not a problem. But I need to deal with TFTP. </SPAN></P><P><SPAN>1. Please guide me how to configure TFTP access-list on ASA for device management purpose. (not passing traffic) </SPAN></P><P><SPAN>2. I believe that ASA has only TFTP client function, not server. Is TFTP server functioning by default? If yes, how can I disable it?</SPAN></P><P><SPAN>I am using&nbsp;FPR2110, I'm bit new on this technology please help</SPAN></P> Fri, 13 Sep 2024 13:26:54 GMT suruchigupta555 2024-09-13T13:26:54Z https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194335#M1115766 <P><SPAN>I need help configuring a TFTP server access list to prevent attackers who acquire SNMP write privileges for obtaining device configuration information. </SPAN></P><P><SPAN>I have SNMP access list configured already. So it is not a problem. But I need to deal with TFTP. </SPAN></P><P><SPAN>1. Please guide me how to configure TFTP access-list on ASA for device management purpose. (not passing traffic) </SPAN></P><P><SPAN>2. I believe that ASA has only TFTP client function, not server. Is TFTP server functioning by default? If yes, how can I disable it?</SPAN></P><P><SPAN>I am using&nbsp;FPR2110, I'm bit new on this technology please help</SPAN></P> Fri, 13 Sep 2024 13:26:54 GMT https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194335#M1115766 suruchigupta555 2024-09-13T13:26:54Z https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194363#M1115770 <P>control-plane ACL&nbsp;</P> <P>access-list TFTP deny tcp any any eq 69</P> <P>direction IN&nbsp;<BR /><BR />this make ASA can connect to server but deny any attempt to connect tftp using tcp port 69</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221457-configure-control-plane-access-control-p.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221457-configure-control-plane-access-control-p.html</A></P> <P>MHM</P> Fri, 13 Sep 2024 14:35:57 GMT https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194363#M1115770 MHM Cisco World 2024-09-13T14:35:57Z https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194415#M1115773 <P>Cisco ASA does not support TFTP server functionality, it can only act as a TFTP client, so I can't see the concern of having someone trying to connect to the ASA and download any data from it. If someone tries the ASA won't respond to the TFTP request as it doesn't have TFTP server capabilities.</P> <P>A better general recommendation with SNMP would be to use SNMPv3 with both authentication and encryption rather than using v2.</P> Fri, 13 Sep 2024 15:56:23 GMT https://community.cisco.com/t5/network-security/please-help-me-configure-tftp-access-list-on-asa-for-device/m-p/5194415#M1115773 Aref Alsouqi 2024-09-13T15:56:23Z