This post has been taken from governmentsecurity forum after I did a little bit searching on common question asked by firewall admin to a user in order to get more information.
Normally, user didn’t provide much information and it makes troubleshooting harder to solve.
I would appreciate if you guys can share what kind of information do you ask when do a troubleshooting with user.
1. What is the firewall
name/ip address (so we know which firewall
involved in this incident)
2. What is the source and destination ip address (so we can check whether the
traffic hit the firewall or not)
3. Traceroute result from source to destination ip. (so we know if the traffic
was dropped at somewhere else)
4. What is the incident number (if you are using the ticketing system so we can
keep track what happened.)
5. Has this work before? (if it worked, the possibilities of some changes has
been done to the firewall or server)
6. What application and protocol are they using to access
the server. 7. Can they access any other server using the same application and protocol
8. Has the client or host made any upgrades or patches recently
9. What version of VPN software is the client using.
Also I always start a remote desktop session using logmein.com or some other
software. Speeds up the entire process when you can see the clients desktop.
Re: Common questions from firewall admin to user ...
Number 1, 2 and 6 are the most common questions that are first asked that would determine whether the traffic is even traversing the firewall or not.
Source and destination ip addresses, followed by protocol and port number would be next to ask. Normally that quickly define the network topology (which interfaces of the firewall are involved, routing and NATing) as well as whether there are any access-list that might be blocking the traffic.
Question 5 and 8 is also asked if other network admin might be making some changes prior to the issue.
Reboot would normally be the last option if no traffic is traversing the firewall at all. If only 1 specific traffic does not pass through the firewall, normally reboot would not resolve the issue.
This is to address those customers coming to ISE from ACS or new to ISE that need a password change portal (UCP)
What are the licensing requirements for this solution?
My Devices - For using the password change with My Devices you need plus licenses as ...
In this paper we will document the configuration and operation of an integrated solution that includes identity management, firewall, cloud-based management, and cloud-based logging.
We will use the following Cisco products:
These days everything is in the cloud. We all know that Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. Using Cisco Defense Orchestrator (CDO), you can manage physical or virt...
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices. CDO helps you optimize your ASA environment by identifying problems wi...