As the title suggests, can someone please explain the “TLS 1.3 Server Identity Discovery” feature from true technical perspective? How does it work and how would it impact encrypted traffic? I thought I know what the feature does but I have got burne...
Forum Posts
Resolved! FirePower 2140 Multicast Dropping
Hello, I am having issues troubleshooting why the Cisco FirePower 2140 is dropping almost all Multicast frames. The way we have this set up is we have a device that is generating the Multicast Traffic and we have a Firepower 2140 that is configured w...
Resolved! SNORT 2 to SNORT 3
Hi All,I can see our FMC is updated with SNORT 3. Now need to update the SNORT on FTD devices from SNORT 2. I am planning to upgrade our FMC to 7.2.3 today. Do we need to update SNORT first too upgrade to 7.2.3 from 7.1.0? Or i can go ahead with the ...
Our FMC cannot connect to FTD to deploy changes.We just managed this device from the previous MSP.our FMC IP is 10.254.1.254(expired smart license)The configured FTD IP in FMC is 162.218.233.82but the management of FTD is configured as 172.16.0.254al...
Hi teams, I'm running two FPR-2130-ASAs(Active/Standby). By the way, standby ASA's SSD was failed last week. So, I could see SSD-led amber. I got a new SSD part from Cisco TAC RMA service now. In this situation, Can I know best practice failover step...
Hi Does anybody else noticed this warning started this weekend on their devices ? XXX : Security Intelligence URL: memcap exceeded (loaded 2167178 of 2939377)This started showing up since this saturday, with no change to any policy/configuratio...
GOAL: Configure NAT in ASA (OS version 9.x) so that two LAN VPN devices can erect tunnels to one remote www VPN endpoint.GIVEN: ASA Outside interface= 1.1.1.1 , remote www VPN endpoint= 2.2.2.2CONFIGURATION:object network VPN-DEVICES-LOCALip address ...
I try to track down the IP, 10.12.33.135 on our network. From server, I use arp -a to list the IP and Physical Address (also it is MAC address) and I get the MAC address from this IPWith PA or MAC Address I got, I look on our switches to track down ...
Hi, Im having issues with getting DHCP-Requests to my DHCP-server from a subnet in a different VRF working. The setup looks like this: Firewall the serves VRF-A, where DHCP-relay is configured with the following settings for DHCP-Relay Agent:Interfa...
Hi, I have a pair of Active/Standby ASA 5508's running 9.16.2. I needed to reboot the Primary Active firewall so I performed a stateful failover which worked as expected. I then rebooted the primary firewall and all traffic continued to work throug...
I know the ACP Policy (in the FMC GUI not FTD) consists of different policies, but I am trying to make sense of all the Prefilters configured as most don't show any hits. These policies are automatically applied to the FTD or connected devices?Click ...
Basically if you change the object IP (device IP changed, and worked or was managed fine in FMC) for a remote FTDv device managed in the FMC and it will no longer properly connect or register, confirmed there is 2-way traffic (up to applciation data ...
Hi, I would like to upgrade a HA pair of FPR2130 running ASA code 9.14. From the CLI I can see that show fxos modeMode is currently set to appliance What I don't understand is do I have to upgrade ASA code by adding the new ASA version with ASDM or ...
Hi , I'm in trouble with the communications between Azure API Management and a Cisco ASA Firewall .At the begin of a get request from apim , randomly some tcp package are dropped from the ASA firewall ( as of picture )I guess the flow is as follows :...
Hello Find the below diagram. There are 2 gateway on firewall. 192.168.13.1 and 192.168.15.1. Also there is default route from Core Switch to firepower and Static Route from Firepower to Core Switch which uses 10.1.1.1/30 Subnet. Problem I am facing ...
