Resolved! Block all ports and allow specific
Hi, How can I block all ports from inside to outside and allow only specific traffic towards outside. What is the best practice to do that? Should I use ACL or global_policy?
Forum Posts
Hi all , how can i nat the outside address to make it reach internet .NB: the ouside interface has a private ip address Thanks
I've got an old PIX running 6.3 code. Finally upgrading to an ASA 5515 running 9.2 code. I can't keep up with all the NAT changes that have taken place through the years. I have several of basically no nat statements on the PIX, like below: static (i...
Is there a way to override a manual shun with an object group (or otherwise)?I have found that we can override an "automatic shun" using:threat-detection scanning-threat shun except object-group no-shunBut, we are needing a way to override a priviled...
As mentioned, this is an ASA 5506 running 9.8(1) They both "claim" to be in use if I try to remove either via command line. The object-group is a service, has nothing underneath it (I was able to remove the ports), and does not show up anywhere else...
I have a few ASA5506-Xs, an ASA5508-X, and vFMC. Looking at upgrading from 6.2.0.2 to 6.2.2.0. I browsed the release notes, but I was wondering if anyone has actually done the deed yet?Any "gotchas"?Wanting to get this deployed ASAP, but decades in ...
Recently updated FMC to 6.2.0.1. Estreamer client now only sends 5 or so events and then the estreamer client fails, both on Splunk and host-based client testing. Also, the server does not seem to respond to changes in the event type delivery opti...
Hi Experts,I've been deploying RAVPN multiple times using 2 zone approach (outside and inside) and now I saw this design and I don't know if it will work.Currently, the design has one zone only which is outside zone. Will this work?Thanks
Hello Guys,I was going thrugh documentation for Inline deployment in v6.2.0 and found something about TAP Mode (even though this option is available in previous versions as well). In Inline sets, there is an option called TAP Mode which says that the...
I tried to generate a rather simple report on a DC1500 for the previous calender month.The report should contain a summary of the connection events based on the action, Trust, Allow, Block. The connection event database contains that information, how...
Hello Friends, I was try to upgrade ASDM version from 7.1(5)100 to 7.8.2. But upgrade process is aborted due to "Invalided http response” related issue. However i was finished ASA software upgrade without any issue under ASDM version from 7.1(5)100 ...
Resolved! upgrade ASA-5516 to 6.2
We have many pairs of ASA5516 Firewall devices running 6.1 and want to upgrade to 6.2. With that some questions later, I look forward to helping everyone.1. Is there a way to backup override object the ASA5516 device?2.In case of upgrade failure, how...
Hi guys, I have a 5545x with an 1 Gig internet connection running IPS, URL, and AMP. When running speedtests, it causes latency for other users (200ms-400ms). I am running into this issue: http://www.cisco.com/c/en/us/support/docs/security/firepower...
Hey all,got the following problem:We got a new ASA 5512 (9.1(2)). Since using the new ASA RDP over VPN is slow as hell. Furthermore we are hosting services for our customers at our local site. The customers access their servies via https and they rep...
Resolved! ASA failover Active/Standby
Hi, We have configured failover (Active/Standby) between our 2 ASA firewalls using the configuration giving below. We have tested the failover by power down our Primary ASA (ASA-1) firewall and our Secondary ASA (ASA-2) is become Active. But, the se...
