Hi all When a client and server use PFS ciphers as part of the TLS session setup, what consideration(s), if any, should be given to an IPS system such as the FTD deployed in the middle to inspect the traffic? My understanding of this whole topic ...
Forum Posts
Resolved! ASA isn't Routing Traffic
I've spun up an ASA in packet-tracer and I've set up some device as shown below: PC A - 192.168.1.2 ASA - 192.168.1.1 / 172.16.1.1 PC B - 172.16.1.2 Both PCs are able to ping the ASA but can't get to each other. I've set an all ICMP ACL so I woul...
We have been experiencing periods where the FMC states that it is experiencing high CPU usage. I ran the "top" command it get the output included in the Snapshot taken. it also states that the time is out of sync but when I look at the config it, it ...
Hi, ASA5505 cannot be accessed by console. When trying to access the ASA, CRT show nothing and just keep stuck status without any refusing error message ( it looks like the ASA can keep stuck forever). Please see picture attached. The console cable i...
I downloaded latest geodb file (Sourcefire_GeoDB_Update-2017-10-10-005.sh) from download section but get an error, see screenshot. The file looks OK. ASA 9.8(2) ASDM 7.8(2) FirePower 6.2.2-81
I'm learning how to configure a Cisco ASA using packet tracer and I have a very simple set of rules I need to add. I have other rules to add, as well, but I would like to use these to ask for help so I can know how to begin. Not allow any incoming c...
I am new to FMC version 6.2. I would like to create a report to see the user traffic for each location by the network for example 192.168.100.0/24. The report should include the user name and destination IP or application details.I create the repor...
I have a couple of Interface status alerts (See photo) on the FMC 6.2.2 that are considered "Sticky". They have remained in this health tab for over a week, and I want to dismiss these alerts. According to the help files this is accomplished by doing...
Hi Experts I am deploying 2 x FTD 2140 in HA, both devices has been added in FMC now i registered devices via smart licensing but i am getting error regarding licensing on FMC as well as licensing portal. its showing Insufficient license : defaul...
I need to known if is possible do a license relocation to other firewall with same model. Example we have 6 firewalls FTD in production and 02 spare without license.thanks !
Let's start by a simple topology: <inside LAN> --> ASA1 --> ASA2 \ >>>>> Outside We're having CPU load issues which seem to be caused by DNS and NTP. We have a few devices behind the ...
Hi I am trying to allow work-xxxx.facebook.com in my company. And have allowed the URL in a rule in my FireSIGHT system. But when I access the page i still get a deny from the FireSIGHT. If I look at connection event it blockes my session and say...
Hi. I am working my way through the 45-day eval of an ASA5506 Firepower IPS and have resolved most of the problems. One issue still remains: Even though ">show time" displays correct time for both UTC and local, all syslog messages are stamped with ...
Hi, I currently upgraded the IOS of the firewall 5540. Prior to the upgrade, I deleted the aaa commands in case I could get locked once it rebooted. no aaa authentication serial console TACACS+ LOCALno aaa authentication enable console TACACS+ LO...
Resolved! User for a specific context
hi , is it possible to create a user to access only one context in ASA?I tried to create an admin user in one context, but I always get incorrect credentials when I try to login. Thanks
