Hi, I have a client that has 2 ISPs and would like to use ISP1 for employees and ISP2 for guests. At the same time, he would like to have internet failover for both employees and guests. So, under normal conditions, employee's subnet should use I...
Forum Posts
Dear Community, I would have a short question to you. I currently have some troubles in connecting our ASA5508-X to the Internet. The architecture is the following: Internet Service Provider <=> Cisco ASA 5508-X <=> Internal Server In this regard...
Hi Experts, I am seeings frequent UDP-123(NTP traffic) logs on Cisco ASA Firewall, which is initiated from Internal LAN to Outside Internet. Source and destination port is 123. Can some one guide, what is causing this? Understand, that UDP-123(NTP ...
Dear Community, I would have a short question to you. I'm trying to replace our old router with a new Cisco ASA 5508-X (for direct internet connection). The authentication against Internet Service Provider ("Deutsche Telekom" / "German Telekom") supp...
So I have come across this more than once and I was wondering if anyone knows of a tool or has come up with a faster way to move ACL's and NAT statements from ASA to Meraki MX? Over 1000 line of code, I am hoping someone here can help with their expe...
Hi Friends , My understanding is that "NAT" work is taking over by "ESP" when it comes to IPSec. But in my day to day work with firewalls .sometimes inorder to bring IPSec VPN up I have to disable NAT-T.In Some occations I have to do the opposite.(...
Hello, I was wondering if the Firesight Management Center can be integrated into Microsoft Active Directory? We would like to manage accounts through Active Directory to permit users to logging with certain levels of privileges (Read only/Full acce...
So not sure if anyone else is running into this issue. But when I try to access FMC via Chrome, Chrome will just spin for a 20-30 seconds and timeout and will display cannot reach site. I can access FMC via Internet Explorer. Not sure why this is, if...
Hi Everyone When policies has changed (multiple times) and you need to deploy a Policy. How can you verify the Difference / how can you compare the - Policy to deploy - with the - Policy deployed? before you kick of the task? Accordingly to the F...
I am looking for some baseline config values for the Rate-Based Attack Prevention in Network Analysis Policy for a FTD in routed mode (Edge Firewall). Coming from an ASA, the configurable values are totally different on the FTD and does not transl...
I am researching using dhcp relay over a vpn and I have some questions. I'm using the doc linked below for reference. My questions are: 1) One of the prerequisites is "You must be directly connected to the security appliance and cannot send requests ...
Hi, I have a serious doubt about the Security plus licensing, so I'm looking for some help. When I try to install a security Plus license on a 5512-X appliance, We got the following message: right now We have 250 anyconnect essentials licenses, If...
I would like to change the hostname of two FirePower 4100 systems which are in HA active/passive mode between the two systems on the installed ASA 9.7 code. The ASA hostname was changed just fine. When I try to change the FirePower chassis hostname v...
Hi, I need to redirect traffic destined for port 444 to port 443 on outside interface. Basically same functionality as linux iptables: *nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 444 -j REDIRECT --to-port 443 This is what i did (it's asav983-8...
Dear Community, I have FMC install on ESXI. FMC and Sourcefire both are on the same vlan. When i install the new FMC on ESXI, Sourcefire added normally on the FMC but policy was not deploying, So when i try to re-add the Sourcefire now the Sourcefi...
