If anyone can help with this question. We are about moving our FTD's HA to a new space. is there any special way to shutdown and bring up the devices. They are currently being managed on the FMC. They will also be retaining their current IP's. Woul...
Forum Posts
Resolved! Firepower version via cli
Is there a way to collect the current running version of firepower without using FMC? SSH, snmp, python, etc... I have dozens of different sites in multiple states that have firepower modules in their Cisco ASAs. I would like to create a dashboard...
Hi I am having trouble finding (if it exsists) the OIDs for "Dropped Packets Rate". I see it in ASDM though would like to get this setup on some monitoring software i.e. Cacti/Solarwinds though I cant find an already made template or OID location.If ...
Hi everyone, our firewall is currently on code 8.2. i want to know how to block a specific website using MPF and dropping dns query. i am able to block it for whole inside network but not for a specific ip address or group of ips. here is the...
I attended a webinar a couple of weeks ago surrounding FTD migration. How do I migrate my Anyconnect SSL licenses over to FTD? I'm unable to find out any information about it. I have an ASA 5515-X with 50 SSL licenses which give clientless web VPN as...
All, I have taken over supervising a network ( I am not a dedicated IT person or cisco trained) Once of the things I was told was the firewall base license was making all interface connections 100m instead of 1000m. I have also read that the se...
I have several remote sites using ASA5505 terminating on a FPR2140 ASA. All worked fine until i moved the VPN's to a new internet feed. Now all traffic, SNMP etc work ok but pings dont work so monitoring system cant show them as up. one site is still...
Description: We are using multi-context ASA and physical subinterfaces. I am able to get interfaces' statistics from different contexts via SNMP. But the statistics from physical interfaces and subinterfaces would be very helpful for having the overa...
Resolved! ZBF zone based firewall on ASR 1000
Hi Group any idea how this could happen in zone based firewall: sh policy-map type inspect zone-pair sessions Zone-pair: Guest->Internet Service-policy inspect : Guest_to_Internet Class-map: Guest_Protocols (match-any) Match: protocol http Match: pr...
Resolved! Firepower Remote Access VPN Filter List
Hi, I have a working AnyConnect 4.6 remote access VPN solution in place on a Cisco FTD 2110 and FMC on software code 6.2.3.5. All user traffic comes via the VPN, no split-tunneling. Now I want to apply a VPN Filter ACL to the group policy to rest...
Hi, I want to restart my SNORT process, will it drop traffic? Is there any way to restart SNORT without any dropping of traffic? Thanks
Hi all, i have just deployed a firepower in a vm environment, i have also just activated the smart license evaluation mode. i'm task to add a sensor on the firepower management center, where do i download the sensor for fmc in cisco support. my cu...
Unencrypted malware blocking is working fine. If you implement a SSL decryption policy for HTTPS web traffic and configure an ACP rule to inspect the HTTPS traffic for malware, one of two things will happen: 1. Either the Firepower module will de...
Hi guys, Does anyone know if it's possible to block using Firepower all browsers but one (let's say Chrome). So in terms of old firewall rules way: Rule no1 - allow browser Chrome Rule no2 - deny any other browser I found a hint (tracking User-...
Hi, Can someone tell me how to check or view temporary self signed certificate generated by ASA using CLI? Also, is temporary self signed certificate generated once command "http server enable" is entered? And, what happens if disable http server a...
