We had implemented a Cisco ASA replacing a Sidewinder FW on our network. The Network has an ironport proxy even before which does HTTP connect (converting port 1-6553 to port 80). When we migrated from Sidewinder to ASA we made all the flow and policies and even natting the same.
The problem is, there are websites that the user cannot access. Seems like it is blocked by the firewall. Those websites where working before on Sidewinder FW but have problems when migrated to ASA. All is fine when we bypass the FW by connecting to F5 load balancer port. So ASA is the problem as isolated. All tcp, ip, and UDP traffic from Proxy are allowed to pass on the ASA but still encountering the problem. I am looking at the inspection policies or other policies that ASA has. Hope someone can help me turn off those inspection policies or whatever is making the ASA filtering so intensive.
Meet the Authors Event - CCIE Security and Practical Applications in Today’s Network: Zero Trust
(Live event – Thursday, 29th, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 6:00 p.m. Paris)
This event will have place on Thursday 29th, October 2020 at 1...
My company uses Microsoft Azure AD, and I sign into all my applications using that account. Can I use that account when I sign in?
Yes - all applications that support SecureX sign-on allow direct login with your Microsoft Azure AD accou...
@Rob Ingram @balaji.bandi @Marius Gunnerud Hi Guys, Does ASA saves any logs by default? logs means if some sort suspicious activity happen within network and we want to see what Firewall saw at that time.I...
Attackers will always target the "low hanging fruit": devices that have passed end-of-software maintenance and end-of-support. A few years ago, Cisco described the evolution of attacks against infrastructure devices. All of the attacks discussed in t...
I somehow stumbled upon Cisco's IBNS 2.0 Auto Identity (AI) templates in my CML/VIRL IOSv layer2 image (IOS 15.2(6)).
I find these templates great, because these are the best practices that we tend to hard-code manually - e.g there are...