Network Security

Cisco ASA with FirePOWER

Hi, We recently purchased Cisco ASA 5506 with FirePOWER and Control license. I tried to integrate the FirePOWER module with AD using LDAP Connections so that I can have some insight into users' information. I read somewhere that in order to get Use...

ASA 5510 Multi Context "Shared interface" issue

I'm trying to get two security contexts to use the same interface as described in the configuration guide "Config Guide" The implementation I have is following the shared interface scenario using "mac addresses" as the classifier. I have implemented...

Resolved! ASA 317012 instead of 622001

Hello, I'm running ASA 9.4(3) and connecting backup ISP link. Using manual, made configuration changes shown below. Works fine, except for one: I'm not receiving expected log messages in my syslog. Different sources says that there must be 622001 me...

Creating Dashboards for SPECIFIC devices or device

I was curious if there was a way to narrow down the dashboards to specific devices or specific group of devices. Currently we are getting ALL the data in one place in firesight but I want to create specific tabs for specific locations where we have F...

Commercial certs for Decrypt and Resign

We are looking to do the decrypt/resign for outbound SSL traffic and want the easiest way of getting the clients to trust the resigned certificate. We do not have a PKI so that leaves us with getting a commercial certificate or using the Firepower b...

Firepower inline Vlan mapping

Hey, folks! We have physical FP and bunch of network segments in DMZ and lan. We'd like to use FP with virtual switch in inline mode. We need SSL decryption, AMP, URL and so on. Will it work correctly as on scheme in attachment ? We want to use seve...

Switching from PIX to ASA, having issue with additional public subnets

I tried switching from a PIX 515-E to an ASA 5515-X over the weekend and while initially it seemed promising ultimately I had to go back to the PIX. For the sake of sanitization, we'll say that with my ISP I have the following IP address space assig...

Resolved! Logging recommendations

Are there any recommendations as to when you should choose to log at the beginning or end? I know in some circumstances, the only option is at the beginning due to the packet being dropped, but what about in other situations? For example, I have ...

FireSight DC Updates

Device:FirePower 7115 running version 6.0.1 (no malware license) In Host Attributes you can edit the operating system if the discovery gets it wrong. There are versions of OS that are not listed eg. newer versions of Juniper etc. What software updat...

4100 or 5585-x for Data Center deployment?

Hi, With the release of the 4100/9300 appliances with FTD image, does it make sense to skip the 5585-X SSP40 option and go with a 4120 appliance to be deployed in the Data Center, not the perimeter. I can see the following pros, - Better combined ...

Resolved! Cisco ASA inspection with IP-Adress exclusion

hi, is it possible to exclude some IP-Adresses (defined by ACL) from the class inspection_default ? i want to avoid the inspection from H323 and SIP traffic to and from two IP-Adresses. i have tried a lot of combinations with class-maps / poilicy-m...

Cisco ASA 5506 Firewall

Hello Team, I bought one Cisco ASA 5506 firewall. I tried to install. But i can't. How can install cisco asa 5506 firewall. What are the steps i need to do ? I have the Product Authorization Key (PAK). How can i get the license for this product? I...

Errors in Decryption

Hello everyoneI have the ASA 5525-x with the CX module included, for web filtering. The version of ASA-CX is the 9.3.3.2 When setting the initial rules, all content https permit (social networks, etc.). I enabled Decryption the option to verify http...

Resolved! FireSight DC changes

Device: FireSight Management running version 6.0.1 If another user logs into the management gui and does a change like disabling an interface, or Firepower recommendations or a policy, but doesn't push the policy or not fully applied the changes. Is ...

8.4 NAT behavior

Hello community, Still trying to figure it out the new NAT and today I came up with this real-life scenario and now I have some doubts on how the NAT behaves. My configuration: object network LOCAL-wNAT host 10.34.30.36 nat (inside,outside) static ...

Network Security

Forum Posts

Cisco ASA with FirePOWER

ASA 5510 Multi Context "Shared interface" issue

Resolved! ASA 317012 instead of 622001

Creating Dashboards for SPECIFIC devices or device

Commercial certs for Decrypt and Resign

Firepower inline Vlan mapping

Switching from PIX to ASA, having issue with additional public subnets

Resolved! Logging recommendations

FireSight DC Updates

4100 or 5585-x for Data Center deployment?

Resolved! Cisco ASA inspection with IP-Adress exclusion

Cisco ASA 5506 Firewall

Errors in Decryption

Resolved! FireSight DC changes

8.4 NAT behavior

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

FMC and multiple AD domains

Dynamic Split Tunnelling - Android Devices

compartilhar internet com VLANS firepower asa

HOSTSCAN modo Monitoreo en Firewall ASA 39 / 5.000 HOSTSCAN Monitoring

How to Specify a PAC File on FMC Policy for Secure Client

IPS traffic report

Accessing remote ASA over site-to-site VPN

SLA failure because certain IP addresses cannot be reached by ping

Firepower Congestion

It is posible to stop Brute Force attacks in Firepower Theat Defense?