Hey, I have a weird issue going on. My ASA has a class c network configured (10.105.29.0/24). The interface IP is .254. I started to get deny spoof messages when our IT security started to scan our subnets, see below. <186>Mar 27 2018 09:00:14: ...
Forum Posts
Resolved! FMC cannot update from 6.1 to 6.2
Recently I have updated all firewall from 9.6 to 9.8(2)24 and try to update the FMC from v6.1.0.6 to 6.2.0-362. Does anybody can assist me the steps to follow? All the firepower have 6.x Versions. 180327 08:42:58] Readiness check for :Sourcefire_3...
From time to time I receive alerts such as the above one, there are others. These typiically occurr on a Guest Wifi network I run. In my ACP (Position 3) I have an entry allowing the DNS application from my DMZ (Guest Wifi Zone) to the Outside of my...
Resolved! ICMP Inspect seq num not matched
Hi guys, I have a problem with my ASA. The problem is as follows. We have new Subnets in the 192.168.x.x range. Our current setup is with 10.0.0.0 /8 range. From the core switch all the vlans have been configured and work so far. However the new ...
Resolved! Firewall Roadmap
Hi All,I am being asked by Wipro for a NGFW product roadmap. Can someone send me this please. Many Thanks in advance Simon
Hi,Here I need help from someone! I have a scenario where, one hub site which is connected to metro ether MAN at 1Gbps and spoke sites are variable bandwidths. Requirement is I should be able to shape down stream traffic branch-wise and in total at 1...
In Firepower Management 5.x we ordered FS-VMW-10-SW-K9 (Firesight 10 devices). In the renamed version Firepower 6.0 Management, do we still need to order these licenses? If so, does anyone have the new sku...ThanksShawn
Hi folks, Apologize in advance if this is not the right forum I posting this in as this is a my first post. I have an ASA5515. Current primary ISP (outside) is a static IP. We are in process of installing a backup using a wireless modem that give...
We are currently working on an issue where, as the title suggests, after failover of active FW from primary to secondary, there was no traffic passing through the secondary(active) FW. Due to this, the active FW was immediately failedback to primary....
Hello, I was wondering, whether it is possible to create an Application Detector for HTTPs connections including SSLv2 Client Hello Requests. If not is there any alternative how to capture and eventually block those kind of events with FireSIGHT. T...
I am working on a big firewall migration project where each firewall has atleast 10K lines of ACLs, I need to export them into an excel spreadsheet and then get rid of the redundant ones. Then would need to configure them on the new firewall. Since...
Hi Team, in refer to https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl, any specific reason for the bug on ASA CSCuz52474 not visible to partner cco while the rest device bug are fine? Insufficient Permis...
Is there an easy way to add numerous IP addresses to an object group. I have a spread sheet of IP addresses that I need to put into an object group and the ASDM takes forever to add them especially as many as I have to add. I did not know if there ...
Hello,Our Cisco ASA 5520 firewall is running with 99% CPU, Processes Dispatch Unit is using over 90 % of CPU, and capture is showing below drop reason : Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate fi...
Dears, My IKEv2 tunnel is not coming up with the below settings , on my end I have a asa and the remote end is check point , I want to know the below is correct configuration or there should be some change, crypto ipsec ikev2 ipsec-proposal AES256 ...
