Hi all, I’m looking for clarification on how an ASA management‑only (OOB) interface behaves in the following scenario:If traffic first traverses the ASA data plane, and the ASA routes it out normally (because a route and policy allow it), and that tr...
Forum Posts
We are planning to upgrade our Firepower Management Center (FMCv) from 7.4.2-172 to 10.0.0-141. Our application uses the FMC REST API only (no UI automation) and we need to confirm compatibility before upgrading. Current usage:Auth: fmc_platform/v1 (...
I am having some issue understand of ASA to-the-box filtering. So in my topology below I tried to stop icmp packet to the outside interface of ASA.R2 has the ip: 23.1.1.1ASA out interface : 23.1.1.2access-list cp extended deny ip host 23.1.1.1 anyacc...
Hey all,Does anyone have experience using the Threat Defense Model Migration? We are migrating from a 2110 in HA to a 3105 in HA. We are debating whether to do this manually or is it less error prone to use the migration utility built into FMC?Thanks...
Resolved! FTD Question
HiIs it ok to have two interfaces in different security zones in the same vrf, So traffic comes in on a sub-interface in security zone(visitors) then egresses through a RB VPN VTI in security zone(guest-inet) is this ok or should i be doing it a dif...
HiI have been labbing this up and have come to the conclusion that when using FTD PBR a default route is still required, I have tried everything and without a default route traffic is routed via an interface not stipulated as (egress interface) in t...
I originally never setup the mgmt interfaces until the first firmware update when i found i needed to get into the standby fw as well. So chose two IPs from a random unused subnet. (172.16.16.x). The mgmt interfaces are only used when i am on sit...
Hello, Every time I use FMT, it seams like the tool automatically create interface groups which I don't want to use. I want to use interface zones and no interface groups. To remove the interface groups after a migration, I first need change all conf...
On the FPR-2110 we may be experiencing an issue with time synchronization that might be preventing SAML auth.In system support diagnostic-cli the clock appears to be several minutes off.When I show time from a regular cli prompt, time shows correct.T...
We have connectivity to regional sites, all terminating at the HQ site. At the regional sites, we have two ONUs from two different ISPs connected to our Cisco Firewall – Firepower 1000 Series (FPR-1010) appliance, which then connects to a Cisco Switc...
Can the Cisco Firepower 1010 Threat Defense process DNS queries?
Hello,I am trying to deploy 1120 NGFW at a remote site using FMC that is located in our DC. FMC and FTD are separated by public internet. Here the "outside" interface of the FTD and its public IP will be the manager access interface that will communi...
Hello Gents, This is an interesting issue that has my team stumped; we created an NFS file share that is using NFS version 3but we are unable to mount to the shared folder, network connections have been confirmed; also, we confirmedthat the FMC has t...
Hi All,We recently acquired 2x FPR-3130. Due to delivery delays, we worked with our vendor to amend the order and look for refurbished firewalls. Cisco confirmed that there were 5 of them in Europe at the time and delivery was in line with out deadli...
Hi All,I'm having a bit of a oddity with our Zscaler clients and download speed from our local office.Clients have Zscaler Client Connector enabled with ZPA and ZIA. Download from public sites are seeing horrible download speeds, when they sit behind...
