I just completed upgrade to FMC 7.2 and do not have Cisco ISE. I was hoping I could use LOCAL AAA for VPN authentication. I was able to create a realm for Local AAA and add a user however the "Enable" button next to the realm does not work and when I...
Hello.Are Firepower Service Modules separate physical cards inside ASAs?We have a few ASA5525s, and an ASA1120. How do I check if these devices already have installed Firepower Service Modules?Thank you.
hi,I would like to upgrade my FMC 6.6.7.1 to 7.0.1(or 6.7.0), but the readliness check is FAILURE. Please see belowPlease help
Hi guysI got a couple of inquiries regarding security devices : FPR1150, ASA5525, ASA 9.16 software, FTD software.- On ASA 9.2, how to remove failover information on the hostname ? Example : gain back ciscoasa# from ciscoasa/pri/actNoFailover#- FPR-1...
Hello, I have a customer reporting that multiple Firepower 1010 with ASA image randomly reboots. There is no crash dumps, but we found this in the log - 2023 Oct 29 11:05:43 PMLOG: Last reset cause: PowerOn (0x00000001) According to the customer, th...
HelloWe have issues in the failover once in a while as shown : please can you help us why that hapend and how can solve it ?thanks
HiI've got a working ZBFW config, but I must admit I'm struggling to understand the differences between these commands:policy-map type inspect NAMEpolicy-map NAMEclass-map type inspect NAMEclass-map NAMECisco's documentation says:When an inspect-type...
Hi, I have a question if someone can help me with that please, I have FTD configured in Active standby and managed by FMC. These FTDs are going in to an upstream nexus switch. I am using RFC1918 addresses between the outside interface of FTD and SVI...
I opened a ticket with support and they stated to perform the steps below, but is it the best process? Should I remove the devices first from FMC, change the FMC IP address, then register the FTD devices again? Trying to minimize and configuration is...
HiI’m migrating from a CBAC based basic firewall configuration on a 800 series router to an ISR, and am trying to get ZBFW working. I’m obviously doing something wrong because nothing works What I’m basically trying to achieve is to allow everyone o...
The enterprise needs anThe enterprise needs an IDS/IPS solution that will decrypt SSL/TLS encryption to inspect layer 7 signatures.Because the financial cost to buy an ASA for each of 15 branch locations is unappealing, it seems the best strategy is ...
Hello guys,so I have a problem. In company where I am working we have Cisco FTD 1010 with newest OS version 7.2.5 which are connected to FMC and any ssh login is with our domain accounts. We have saved loca users for emergency. And one of our FTD get...
I try to configure both anyconnect and clientless. Clientless works, but anyconnect's traffic dropped by acl-drop192.168.20.10 > 8.8.4.4 icmp: echo request Drop-reason: (acl-drop) Flow is denied by configured rule, Drop-location: frame 0x0000563f6f1b...
My WAN IP address is 72.X.X.X and the public IP addresses provided by the ISP is 200.X.X.X subnetMy secondary ISP WAN IP is 33.X.X.X and the public IP addresses are in the same subnetThere is a web server in the DMZ, which does not work when I set th...
Greetings,I am trying to communicate two IoT devices that use ModbusTCP to communicate through an ASA 5505.The topology is below. ** I must say that I am not an expert in firewalls and I have been educating myself reading the configuration guidelines...
