I have a client that is running an 8140 sourcefire box. After looking at the configured homenets, I see they have a /8 defined.
Can this cause increased resource utilization?
I will be working to define their networks more precisely but was hopin...
I have a pair of Firepower 4110s. Is there any way to restrict what IP addresses are even able to connect to the Chassis management interface SSH, HTTPS, and SNMP interfaces? And same for the CLI on the FTD logical device management interface?
Hello,
Im in the progress of upgrading my ASA 5505 to an 5506, and i cant seem to figure out, where to enable the native VLAN...
Today im using VLAN 1,2,3 and 4, and using VLAN 100 as native VLAN for trunking.
If configured the subinterfaces on the ...
We are in a situation where they would like to demo a new content filter inline and in live production. I have been tasked with setting up a sceniaro where our current content filter is running side by side with the new one. They would like to grab...
Hi,
I'm setting up an ASA and i'm unable to ping from the Inside network to the internet it work fine from the ASA the error it would appear to be related the NAT any ideas ?
access-list INBOUND extended permit icmp any any echo-reply
access-lis...
Hello Experts,
Is it possible to allow/deny access to certain web sites/categories to a specific users/user groups from LDAP server (imported in firepower)..?
also to this how to user based policy not as per the zones/netowrks/subnets etc..?
also kin...
Hello all..
I have a HA pair of 5516's. For historic informational purposes: these have been on the same firmware and utilizing hairpin NAT without issues for 18months+
Recently in doing some network changes, I applied PBR to the inside interface t...
Hello Guy,
I recently set up a Cisco ASA 9.x for a finical institution in the New DC and because theis project still on the implementation phase i yet to implement any form restriction on the ASA.
I have no VPN,NAT connection on the ASA. i have allo...
Hi There,
we are going to roll out Cisco ISE in our organization,
so i would like to know 10 common issues -- when Cisco ISE is on network, what are the most common problems that comes on end points. need only on end point perspective.
Can any one ...
Hi,
It may be a repeated or very simple question.
How can I see and store the traffic (Live & Historical) details that is passing my ASA (IPs, Ports etc..)
Harmeet
i,
My configuration is:
access-list TEST extended permit ip host x.x.x.x host y.y.y.y
access-group TEST out interface outside
class-map IPS
match access-list TEST
policy-map global_policy
class IPS
sfr fail-open monitor-only
service-policy ...
hi,
i've upgrade an ASA to 9 code and it generated these lines.
do i need these?
is it safe to remove them?
xlate per-session deny tcp any4 any4xlate per-session deny tcp any4 any6xlate per-session deny tcp any6 any4xlate per-session deny tcp any6 a...
Hello
I'm trying to figure out if I need any access-list or NAT rules in order to communicate with networks advertised over the OSPF configuration. I have a third party connection coming into my Cisco ASA 5520. Please refer to my configuration below...
Hi Experts
Could you confirm the HA setup options applicable for Cisco firepower 9300 chassis (SF-F9K-FXOS2.0-K9) running ASA OS (SF-F9K-ASA9.6.2-K9)? Native ASA appliances had active/standby and active/active options, depending on single or multipl...
