Network Security

Resolved! ASA 5525 Standby node in failed state

Have a pair of 5525s in active/standby setup. Standby node shows as failed. If I "reset failover" from the ASDM, it briefly changes to Standby Ready then in a few seconds flips back to "failed". The failover interface shows as Up. No recent updates ...

Resolved! ASA Active/Standby physical configuration

We have 2 ASAs setup in an active/standby configuration. The "Outside" interfaces on each ASA connects to a 1 of the 2 switches in the switch-stack as do the border routers - and this is for failover redundancy. ISPs-&-INTERNET | | R--...

Active/standby

Hello, I have configured Active/Standby on two 9.5 ASAs. Failover is working fine. I have tested with powering off the active and its brings up the standby as active. These failover works without 'standby' command on the outside/inside interfaces....

new ASA setup - cannot ping subinterface from VPN tunnel

Hello! I am setting up a ASA in a new environment - well actually building out a new Datacenter for us to store our servers and equipment in. So far I have been running into issues and have been able to resolve (like setting up a NAT for internet tr...

Issue with ZBF when using PPTP

Hi community, We have a 3945 router configured with a ZBF that serves as a Guest router. We have an issue when a client attempts to initiate a PPTP VPN. I've performed a Wireshark capture and can see the tunnel established (tcp-1723), and the PPP LC...

Create URL Whitelist

Hi Folks, Is there a way to create a URL whitelist from a txt for csv file? I want to only allow a list of URL's and then block everything else. I have a list of about 100 URLs and entering each URL object, then adding that to a group seems like a ...

Resolved! ASA FirePOWER - Inline Tap Mode

Hello,I would like to understand the configuration of Inline Tap Mode in ASA with FirePOWER.To operate in this mode, I need to configure the ASA policy-map to monitor-only or can keep inline and create an Intrusion-Policy on FMC with Drop When Inline...

PBR on ASA version 8.2

Dears , i have ASA version 8.2 and connected to ADSL modem and i am direct lan user to this interface int eth 0/1 nameif outside ip address x.x.x.1 route outside 0.0.0.0 0.0.0.0 x.x.x.2 nat (inside) 1 172.16.100.0 255.255.255.0 global(outside) ...

Resolved! Problems with Synchronization(FirePower 7010 and FireSight)

Hello! I have some problems with FIRE Power and Fire Sight.I have error and I need help.I have error on FIRESIGHT:Module Time Synchronization Status: 192.168.10.10 is out-of-sync.I can say that time is the SAME on fire sight and fire power. How can i...

Multiple IP's on an ASA

I have a couple of questions about configuring an ASA with multiple public IP's and sending traffic in and out of the same interface. We have two ARIN public IP blocks assigned to us. They are both advertised through BGP on our frontend routers. O...

Resolved! BOTNET LICENSE in ASA

One of MY client wants to upgrade their 5 qnty of ASA-5000X series firwall with firepower . and they also wants to BOTNET license. My question is ,, is it(BOTNET) required when you upgrading to ASA-Firepower ?? Coz we are also taking AMP,AVC. and i ...

How to Upgrade Firmware of ASA5585 in HA Environment

Hi, I need to upgrade firmware of two ASA5585-X Firewall and they are in HA Active-Passive mode. Please advise the procedure to upgrade without changing any configuration. Thanking You- Azizur Rahman

IOS ZBPFW

Hi All,When configuring an ASR1001 with ZBPFW, and when using a class class-default / drop log, for an OUTSIDE_TO_SELF zone (basically the outside interface ip address), I do not see the drop action log for any dropped packets, but the drop counter i...

Resolved! Block some https sites on ASA 5508

Hello, everybody! Could it possible to filter some https sites on ASA 5508 without IPS subscription? I mean youtube.com, facebook.com, some local social nets... Please, give a link to a useful manual. Many thanks in advance, Ilya

firepower Managment

Dears, I am replacing the legacy firewall to new 55XX-X I have migrated the configuration but not brought it live, I have some question below. management 0/0 is in different ip address than a inside interface, inside and management are connecting to...

Network Security

Forum Posts

Resolved! ASA 5525 Standby node in failed state

Resolved! ASA Active/Standby physical configuration

Active/standby

new ASA setup - cannot ping subinterface from VPN tunnel

Issue with ZBF when using PPTP

Create URL Whitelist

Resolved! ASA FirePOWER - Inline Tap Mode

PBR on ASA version 8.2

Resolved! Problems with Synchronization(FirePower 7010 and FireSight)

Multiple IP's on an ASA

Resolved! BOTNET LICENSE in ASA

How to Upgrade Firmware of ASA5585 in HA Environment

IOS ZBPFW

Resolved! Block some https sites on ASA 5508

firepower Managment

FTD: Port translation is not performed on outside2 interface

Cloud Delivered FMC edit multiple interfaces

3130's Howto: configure network management-interface and shut / no sht

Correct way to config two external interfaces on the CSF 1210CE FTD

Secure Firewall 1200 HA topology with 03 ISP link´s and SD-WAN

Cisco SNS 3755

Upgrade FTD 2130

Cisco firepower 1150 multi ISP and Remote Access VPN

Smart License lost after Powerfail / Reboot

Firepower 1120 has wrong (falcon demo) license active