Is there a way to Connect FTD in HA to Palo Active and Passive without a layer-2 switch in between? With pure Layer-3 set up, I couldn't think of a solution. May be it's possible, if Palo sees only single VIP address and single MAC? Attaching my setu...
Forum Posts
Hi,My security team ran a monthly VULNERABILITY scan and found CVE-2018-0101 on our ASA. We upgrade our ASA quite often. By the time it was scanned, It had the latest version of ASA OS which is 9.12.4.67I checked the link for the bug. Our ASA is n...
Resolved! Insurance Scan
I had customer contact me on a Corvus Insurance company scan where they scanned the customers firewall and detected the Cisco VPN. The stated that I should hide the VPN name? WTF does that mean??? All VPN's that I know of usually associate to a name....
Resolved! FMC 7.4.1
Newly installed 7.4.1 (well, upgraded to 7.4.1 from 7.4 install). Somehow the admin password stopped working. Figured I forgot it or didn't write it down correctly - so got in via console and reset it. Works in the CLI for access, but not in the UI...
I have ASDM 7.6(1) and latest version of java (Version 8 Update 9) installed. When I log in to ASDM my display is not to the scale, it is a messed up view. I don't know how to fix this issue - I tried downgrading java which didn't help. Not sure if t...
HiI have two pair of FTDs. What license of FMC I should buy?FMCv2 (VMware) or FMCv10 (VMware) or Management Center 1700 ?I think FMCv10 is the right choice but I am not sure 100%. I would like to hear your advice.https://www.cisco.com/c/en/us/td/docs...
Looking forward to a solution for this issue. We had to disable Endpoint probe on the isepic so we would not get "not found" users in the FMC that the isepic was subscribed to. Basically, user to ip mappings were sent from isepic to FMC, and for wh...
Hi,I have been facing throughput issue for a while now and do not know the root cause.So the firewall is in between 2 Alcatel routers (say A and B). A is sending 5Gig traffic to the firewall but on the port-channel stats, I only see 1Gig. We have tri...
Resolved! FMC External Authentication
Hello,We have Cisco FMC, version is 7.0.1I would like to configure access to the FMC based on AD Groups, integration done thought LDAP. At this moment we have 2 AD groups:First - Full Access (Grant-FMC-Admin), Second - Read Only Security Analyst (Gra...
Per the documentation, what can be local certificate be used for? Can it be used to ensure the machine connecting to the VPN is a member of the domain or is there a better way to go about that? Don't have an ISE deployment. I can't seem to find addit...
Hi everyone, Im use ASA 5506-X ver 7.2. I know all traffic can flow from Higher Security Level to Lower Security level but Is it possible to create a limit IP list can accessing outside and how I can configure this?Thanks
Hi All, Does de-registering/removing ftd from existing fmc and re-registering into new fmc would flush the configuration from ftd or it retains its configuration when i add into new fmc. Also if configuration has been flush from ftd, then would it st...
Hi,Given a ASA firewall running multiple contexts configured like this:context web1 description Internet Edge/Hosting 1 member web1 allocate-interface Port-channel1.2-Port-channel1.3 allocate-interface Port-channel3.1140 allocate-interface ...
Hello All, Going to migrated Asa 5585-x in cluster to FTD 3120 using Migration tool. Basically i need some help/guidance on below points. 1) Does Migration tool supports Cluster configuration i.e cluster configuration wil also be migrated or only Asa...
I wrote a short article on how to send specific networks (per SSID) from one country/location to another where the traffic on that SSID egresses the Internet connection on the remote side. Think Nord VPN, but no client required. e.g. One SSID can egr...
