Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

ASA ISP CIDR Setup

Hello all! I have recently acquired a new block of CIDR IP addresses from my ISP and I don't understand how to get it setup. WAN address: 68.x.x.232 WAN gateway: 68.x.x.225 CIDR network: 70.y.y.112/28 Usable addresses: 70.y.y.114 - .126 How d...

Resolved! Strange error during FirePower image installation (into the ASA's SFR module)

Hello, everybody, I've tried to install FirePower image to ASA and got a strange error message after: system install http://<HTTP_SERVER>/asasfr-5500x-boot-6.1.0-330.img "Package header failed verification - 'Header magic number mismatch'" Ho...

Resolved! Firepower Cloud Connection Issues

This is an odd one. From the sfr conolse i can ping intelligence.sourcefire.com , nslookup works as well also, but when I try telnet i get this; Failed to connect to intelligence.sourcefire.com port 443: No route to host When I try this command found...

Nexus 5000 IP-Helper

Hi, Looking for help. Our Windows network neighbourhood browser service will not communicate across our Nexus 5000. This uses UDP 137 and 138. From searching online it appears that DHCP-relay on our Nexus doesn't forward this traffic like iOS cou...

Resolved! IP SLA and Track on ASA 5505 - Can your tracked route be outside & backup route be inside?

Hi All, I have a site on a common LAN - 192.168.33.0/24. They have an ASA 5505 (192168.33.5) connected to fiber that they want to be primary, and an 871 router (192.168.33.4) connected to MPLS they want to be backup. They have no layer 3 device beh...

Resolved! ASA 5506 Loses internet connection over time

I have setup two networks with pretty much the same configs and both are having an issue where the internet connection is dropping. Can be a few hours or days before it drops. At the moment I am sorting the issue by rebooting the firewall & Router ...

Resolved! Configuring FirePower on ASA: difficulties

Hello, everybody! I have ASA 5512-X deployed and FMC 6.1 installed. ASA in a routed mode. I've tried to configure it using this: https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html The problem is I can't establi...

Resolved! Firesight 6.0.1 Remediation modules - PIX missing

I installed FMC from scratch at 6.0 (upgraded to 6.0.1). We originally tested on 5.4, and it included the remediation module for PIX Shun's, which from what I could tell, worked for ASA's as well. With 6.0, it does not include the PIX Shun module. F...

Error Upgrading ASA-SM: "uploaded file is not a valid ASA-SM1 image"

Hello, Trying to upgrade an ASA Service Module (WS-SVC-ASA-SM1) from 9.1.1 to 9.1.2, ASDM respond with message "File has been uploaded succesfully, but the uploaded file is not a valid ASA-SM1 image". Same results with an other images (9.1.3 and 9....

Resolved! Question - ASA object-group

Hi Guys, I saw below configuration on Cisco ASA 9.1(7)16. The network object group is calling a service object group, is this a valid configuration? ====================================object-group service HTTPS_433 tcp port-object eq 433 object-grou...

Firepower 8120 - No host recorded

I'm deploying IPS firepower 8120, the topology in internet segment: core switch -- mikrotik -- IPS Firepower -- WAN Optimizer -- Firewall -- Internet.Why in network map/host cannot discover host/ip address that throught the IPS? while in connection e...

ASA Service Policy Rules

Hello All, I have configured service policy rules on my ASA 5545 : policy-map CONNS class AttackingTraffic inspect http HTTPDOS set connection conn-max 200000 embryonic-conn-max 10000 per-client-max 300 per-client-embryonic-max 20 set connectio...

Sourcefire

Just wanted to ask what is the database being used on the Cisco Sourcefire / Firepower Management Center? Thank You. vrian

ASA 5512-X , no internet on WAN

Hello, i have configured an ASA 5512-x following the quick start guide, Found here. how erver i cant seem to access the internet, nor can i ping from the asa or a pc from the LAN side outwards. - this set up is verry simuilire to a second network...

Cisco port channel issue

Hi, We have a port channel with 2 of 1G links between our core of the datacenter. Due to the issue with one link, we want to force all traffice to another link, only use the 2nd physical link when the 1st physical link is full. Is there a way of doin...

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

ASA ISP CIDR Setup

Resolved! Strange error during FirePower image installation (into the ASA's SFR module)

Resolved! Firepower Cloud Connection Issues

Nexus 5000 IP-Helper

Resolved! IP SLA and Track on ASA 5505 - Can your tracked route be outside & backup route be inside?

Resolved! ASA 5506 Loses internet connection over time

Resolved! Configuring FirePower on ASA: difficulties

Resolved! Firesight 6.0.1 Remediation modules - PIX missing

Error Upgrading ASA-SM: "uploaded file is not a valid ASA-SM1 image"

Resolved! Question - ASA object-group

Firepower 8120 - No host recorded

ASA Service Policy Rules

Sourcefire

ASA 5512-X , no internet on WAN

Cisco port channel issue

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Change IPS and AMP Policies to enforcement mode

FTD SSE Connector Service down

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

ACL on VTY Line Blocks All Connections

ASA Help With NAT for Printer

Does the FMT overwrite all FTD configuration if only selecting NAT

Can't ping from FTD managemnt to FMC

IG not mapped to SZ on FMC/FTD