Hello, I'm trying to apply a FlexConfig configuration for modifying the TCP timeout for some connections but every time I deploy it I get an error when the Lina configuration is applying: firepower >> error : ERROR: Unable to assign access-list CSM...
Hi there, I'm trying to see what traffic is hitting this particular rule: access-list X line 1 extended permit tcp object-group SRC_X object SRC_X log debugging interval 300 (hitcnt=323) 0xb7788b5f access-list X line 1 extended permit tcp x.x.x....
I have 2 questions. 1. Is there a reason to have network objects created in a separate domain away from global if all our administrators have access to all domains? We are only separating them to get visibility separated in the dashboards and alerts....
Hello, I am unable to load the asdm from my workstation anymore. It has been awhile since I have used the ASDM on here because i usually just use putty to make changes. I am however tying to setup a VPN connection and need into the ASDM. Is there a...
Hello community, I am trying to inspect some traffic and I am facing some troubles. 1.- Traffic is being sent using multicast. Does Firepower inspect that flow? It seems that it does but I can't show it as an event. UDP RED_TRANS_1 239.3.31.20:4021 ...
Is there any way, or has anyone had any luck coming up with a working solution with the current verison of FTD for dynamic access policies on VPN Anyconnect clients using FTD firewalls? Can you use a DACL with ISE or a Radius server? Can you use LDAP...
ello Everyone, We have a plain ASA (no ids/ips, firepower), we want to determine if the device is being port scanned. Did some quick scan (nmap) and all i see by filtering the device that im scanning it from is this %ASA-4-313009: Denied invalid ...
Hi all, We are planning to deploy Meraki SD-WAN solution and each branches will have two links, one is a MPLS link and one is a Internet link. The requirement is to have direct Internet access for Office365 traffic only at branches, and the rest ...
I have a pair of ASA 5510s configured in active/standby mode. I have already configured the failover settings on the firewalls. Both firewalls are connected to a 2960G. I made a change to the interfaces on the 2960 to allow 2 mac addresses on each po...
Hi I´m trying to allow direkt Internet Access for certain applications in our branch office. I´m using Zone BAsed Firewall on the router. Is there a way to use NBAR2 application detection inside the class map ? If i use a class-map type inspect i...
Hi Experts, We've multiple ASA's with the CSM (Cisco Security Manager) and not all firewalls are CSM managed. Is there any way to find from ASA CLI that device managed by CSM...
I am trying to figure out how to scan a FirePower 7020 with Nessus, more specifically with Tenable Security Center. I have the admin account info...but when logging in via SSH, you must first enter EXPERT command before NESSUS can run it's plugins. ...
This will hopefully be a very easy question for someone who normally works within the FirePower Management Center. We currently have a couple of servers opened up to the outside world for RDP connections by our employees; I know this isn't a good pr...
I have been trying to configure 2FA for the ASDM UI for our ASA 5512-X. There has been no success and it seems that there is no software solution. Yes, there is 2FA for Any Connect and for VPN, but not for an administrator using ASDM. This is somethi...
I'd like to purchase the botnet license feature for my 5508, however, I've been unable to find it. On CDW there are many licenses for every other model, but not the 5508. Is another model's license compatible with the 5508?
