Hello everyone, I’m looking into the upgrade of our FMC 4600 HA pair from 7.4.2-172 to 7.6.2-329 (currently the suggested release). Looking at the documentation https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/management-c...
How can I manually filter individual URLs or groups of URLs Y without a special license in FTD
Hi Experts, I am trying to integrate FMC and FTD administrative users to authenticate via Cisco ISE radius type authentication. Cisco ISE has been configured with AD group sync and also FMC and FTD devices are added in ISE to use radius authenticatio...
Working on a set of firewalls that are being migrated from ASAs to FTDs (3 sets of HA clusters). All 3 sets have OSPF configured, with 2 of them "default-information originate". The 3rd has this for it's OSPF configuration on the ASA: prefix-list S...
In FMC 7.6.x, we configured two ISE servers as RADIUS External Authentication Object.The ISE are forwarding the authentication to our Windows AD.The user now makes one bad login attempt to FMC and the AD account is being locked. AD is set to lock the...
I'm currently standing up a Cisco SSM On-Prem but have hit a bit of an issue regarding creating and adding a browser TLS certificate. Our (private) Certificate Authority have very strict rules on what can and can't be in the CSR, unfortunately the S...
Hello, I’ve setup a posture configuration to work with our RAVPN. Basically I’ve 3 rules: Compliance OK, where I return a permit all ACL Compliance not OK, where I return a limited ACL Compliance unknow, where I’ve configured on the authorization pr...
Hello,Managing certificates is getting more and more a nightmare as the valid lifetime will be reduced to 47 days, especially on devices and virtual appliances that don't support any kind of automatic renewal protocol.What are the options in FMC to a...
Good day team!We have 2 servers connected to each other with 2 patch-cords.On vCenter admin configured 2 portsPort14-VLAN-1111-1114 VLAN trunk range: 1111-1114 Virtual Machines (4) ----! 3 ASAv Primary and FTDV-1 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
I've created a VPN successfully from a Cisco FMC managed FTD (v7.4.2.4) to a AWS VPN gateway, but am having issues as the IKEv2 phase 1 SA lifetime doesn't match. The AWS side always uses 28800 and I've configured a policy on the FTD to use 28800 se...
Running Cisco Firepower 1150 Series on 7.7.0 and we still have the high temp alerts.
I just need some confirmation on breaking HA on my 1150 NGFW. Unless told otherwise, the reason I have to break HA is to apply a Platform Policy. Everything I read says I should be able to, but FMC states since they are in HA I have to break them. So...
8 out of 13 Firepower Threat Defense devices joined FMC as having a Chassis. Some joined without it likely after upgrading to 7.7.0 however most of our FTD still have this bug when running 7.7.0. 1140's and 1150's. Our 1150's also have this bug. http...
Hello, I am preparing to migrate an ASA 5555-x failover pair to FTD 3105 and have a question before starting this migration. I guess I should add the new FTDs to the FMC before I start the migration tool, but are there any other reccomended pre-tasks...
Hi, We've got Cisco Firepower 1120, with standard tier licensing. Can I use that device for remote access VPN?We don't have Strong Encryption License purchased.
