Hi.We have an old ASA5555 (in HA) where we wanted to disable the SFR-module for a couple of reasons. We removed the config for the SFR-module:class-map FW-VRF-Firepower-ACLno match access-list Firepower-ACL-VRF-FWexitpolicy-map global_policyno class ...
Forum Posts
For those who have to deal with STIGs, https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide, do any of you know if there's an automated check like SCAPE for Windows machines.I ran into some information on OVAL but that's pretty dated...
Resolved! FDM Web Certificate
Hi,Is there a way to check the expiration date of the FDM's DefaultWebCertificate before upgrading to higher code? Thanks in advance.
Attempting to do a system upgrade of the firmware on Cisco firewall device manger and I get the following error message: "The server encountered an unexpected condition which prevented it from fulfilling the requestNullPointerException"
Hi,I have certain Microsoft applications that use rpc communication, e.g. microsoft DPM (data protection manager) that uses dynamic ports in range of 1024 to 64k.Is there any way I can achieve this in some secure manner instead of allowing all ports...
Hi EveryoneWe are installing the Firepower 3140 and need to use the cable 40G QSFP H40G ACU10M on the 40G Slots.Would anyone know if this will work. I will be most grateful for for your advice as this cable is to be used from another site.Thanks a lo...
Is the Cisco 4221 typically used as a DMZ router?
Resolved! AMP for Networks License Requirments
Question regarding what is specifically required to have a functional AMP for networks (module/application?) on FTD firewall utilizing the FMC.I know that it will need the malware and threat licenses for the specific firewall at a minimum, but is a l...
Hi,We have CISCO FMC to manage 4 FTD devices 2 in each region and working in HA.Recently it started behaving abnormally. we cannot deployy any new policy. When we do some changes to acp its and save it and then go to the deployment it says ""All dev...
Please don't shoot me down, I'm completely new to this, and it's actually part of a study question.I've setup an ACL on in the incoming port of fa0/0 of a switch in packet tracer. It successfully allows only even IP addresses in a specific range thro...
Resolved! Library and Dictionary in ISE
Hi Setting up Policy set in ISE. Please see below screenshot. WHat is relation between Library and Dictionary? Iooks like both Library and Dictionary can be used to build Condition for authentication and authorization. Anyone can explain it? Thank yo...
HejI am trying to push a file from my PC to an ASA. I have tried SCP, FTP and SFTP. Tried using WinSCP, Filezilla and SecureFX as software to push file but I can not connect.Is this because I am trying on Mgmt interface?interface Management0/0no mana...
HelloI would like to know best way to change ISP on a pair of asa ( active - standby).Currently, there are 14 public IPs on the ASA.By searching in the configuration txt file in :Outside interface, VPN, network objects, NAT, static route, crypto ca t...
Hi,I have new FirePower ASA 1120 to register for Smart license. I have used the usual process to get the Token form the Cisco Smart account and add it to the device. Although I have 10 devices license available but my license status remain as below;...
Resolved! Help with a NAT issue
Hello Community,I need your collective brains with a situation I'm trying to solve.I currently have a couple of hundred endpoints that I can remotely manage, these endpoints traverse through a firepower to reach the management system I manage them wi...
