Does anyone have experience using FTD firewalls for micro-segmentation in an OT/ICS environment using IRB and BVI?Exist specific documentation for configuration of IRB and BVI in OT/ICS environment?regardsDavide Lorenzetti
Forum Posts
The two FTD 4115 are configured in HA and are in similar network. In general they should have the same time to login. On one box it is the general time to login via ssh, but on the other it takes more than 70 sec to get a prompt.So far I have not see...
Hi team,I became totally confused after reading the TLS/SSL Decrypt-Resign Guidelines section (https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/decryption-rules.html...
Resolved! Cisco ASA OSPF ECMP
Hi There, Currently, I'm testing OSPF on the ASA firewall. Below is the topology I'm working on. Both areas 1 and 2 have been set up as a stubby area. On R5 I'm able to see the OSPF ECMP 0.0.0.0/0 routes towards R2 and R3. But on the other hand...
Hi, I'm on troubleshooting packet drop in Cisco ASA. When I ran the packet tracer, I find that the packet is drop: Phase: 11Type: ACCESS-LISTSubtype: filter-aaaResult: DROPConfig:Additional Information: Result:input-interface: insideinput-status: upi...
Hello, I have a Cisco ASA, HA - Active/Standby (ASA1 and ASA2) configuration:ASA1: Gigabit 0/0 (Management) - 192.168.1.110,ASA2: Gigabit 0/0 (Management) - 192.168.1.111.Is it possible to keep the Giga 0/0 management interface of the secondary ASA ...
Hello everyone,We have updated our FMC from v7.3.1.1 (build 19) to v7.3.1.1 (build 83), after the first deployment to our FDT-HA (both Firepower 2120) is on Active FDT double as much memory allocated to Inspection Engine (snort3), on the Passive this...
Cisco Community,[This is a duplicate post - I tried to re-post the original discussion, moving it from (VPN) to (Network Security) but...]We have an FMC managing a set of FTD's serving as RA VPN concentrators. We are using LDAP Attribute Maps to appl...
We couldn't get SNORT updates, the error was Peer certificate cannot be authenticated with known CA certificatesI connected via ssh, opened an expert shell and started checking log files and I found a lot of thiscurl: (60) SSL certificate problem: un...
I am trying to use Static NAT to NAT my internal sever accessible from outside interface.I am able to NAT the switch connected directly to ASA Firewall however it doesn’t work for device hanging off from that switch.Am I doing something wrong?I have ...
Resolved! ASDM not able to login.
I am able to login through cli but with the same credentials if i access ASDM its saying "Login failed". Cisco Adaptive Security Appliance Software Version 9.1(5)10Device Manager Version 7.3(1)Compiled on Thu 03-Jul-14 09:45 PDT by buildersSystem im...
Resolved! FTD 2100 Upgrade from CLI
HiI tried adding an FTD 2130 to vFMC but I got the message saying cant manage a Device on this version, The FMC is on 7.0.x and FTD 6.2.x, Im assuming my only option is upgrading via CLI ? does the FXOS also need an image upgrade.?? Is there a step b...
I am testing a Cisco ASA 1010 Nex-Gen firewall, and noticed 2 things regarding manageability. One, it doesn't appear as though it can be managed by the ASDM. Two, the CLI looks to be overhauled to a newer version. My question is, does the "non" Nex...
Resolved! ASA 5515-X Active/Standby Failover Reset
Hopefully a easy issue to resolve. I have two Cisco ASA 5515-X in an Active/Standby failover configuration. For one reason or another we started to get weird network issues which included Dynamic Routing going in and out. All of the issues went away ...
Hi Team, i have cisco vFTD and running with 7.2.5. and FTD manage by FDM. i have configured MGMT IP address 192.168.11.111 255.255.255.0 i have configured outside interface ip 192.168.11.113 255.255.255.0 issue/ query 1 can we configured MGMT IP ...
