Dear All, I am using URL filter by regex on my ASA 5525 version 9.2(2)4 but it's not working. The domains are not blocked. Please find in attachment the config I used
Forum Posts
In a bit of a pickle here. I have a 3D8120 running SourceFire v5.4 that's about five hours away in a lights-out datacenter with only a serial connection to a Raritan concentrator. When I try to boot into System Restore, I get a few rows of .'s and ...
Hello Does any of you have problems with installation af firepower / sourcefire 6.0.0? I have a test 5506-x firewall and I intended to use it for som firepower testing. However I do have a lot of issues with installation of version 6.0.0. It is po...
Resolved! Snort Dropping Packets
My access control policy has all traffic set to allow, and is then forwarded to my intrusion policy. My intrusion policy is NOT set to drop. Running show asp drop command on my 4110 FTD shows that almost all of the drops are coming from snort-drop. W...
Resolved! Port 80 query
Hello I blocked port 80 through our Cisco ASA to a particular IP but am still seeing connections being permitted in the logs. The only configuration for the IP is a NAT statement mapping it to an internal IP. Any ideas why? Thanks A
I am currently working on a POC to achieve Authentication and Authorisation for remote access VPN on ASA firewalls whereby RSA server and AD user account is used for authentication, and the LDAP - Security Group (SG) member check is used for authoris...
I have an FMC where multiple clients are being managed. I updated policy (Blocked some IPs) for one client and when trying to deploy the policy, the task gets stuck for a good 20-30 minutes and then I get the error "Deployment failed due to configura...
I am looking for assistance to complete configuration migration for my ASA 5510 to 5516X. What is the matching 9.X for this NAT global (outside) 1 interface global (dmz) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1...
I have a DMZ vlan on our 5505 to keep certain traffic unseen by rest of network. How is this accomplished with a 5506? I tried to set it up but no data is flowing from the DMZ vlan. Everything else is working fine but not this part. DMZ interface ...
Hello, somebody can help me please, I need to monitoring Delay from my Core to remote site with IP SLA in Cisco Prime. I need to know if when I create the new Monitoring Policies I would use CISCO-IPSLA-ECHO-MIB or CISCO-RTTMON-MIB for this task and ...
Is IPv6 multicast routing supported on the ASA 9.8 platform? I know it is supported on IOS but I'm not sure whether there is any form of support (full /limited) on ASA. Thanks
Resolved! Appliance sizing tool
Is there a tool or calculation guideline one can use to determine the basic throughput needed for an environment. For example, using the size of the Internet Connection speed, number of internet users, gateway throughput with basic NGFW filter exclud...
Resolved! Lina configuration deployment issues
Hello, I'm trying to apply a FlexConfig configuration for modifying the TCP timeout for some connections but every time I deploy it I get an error when the Lina configuration is applying: firepower >> error : ERROR: Unable to assign access-list CSM...
Hi there, I'm trying to see what traffic is hitting this particular rule: access-list X line 1 extended permit tcp object-group SRC_X object SRC_X log debugging interval 300 (hitcnt=323) 0xb7788b5f access-list X line 1 extended permit tcp x.x.x....
I have 2 questions. 1. Is there a reason to have network objects created in a separate domain away from global if all our administrators have access to all domains? We are only separating them to get visibility separated in the dashboards and alerts....
