I'm new to using cdFMC and planning to add two FTDs configured for high availability. What are the recommended interfaces for management? Should I use a data interface for management purposes on both firewalls (two public IP addresses)? Additionally,...
Forum Posts
I went to update a pair of FPR1140 that are in HA yesterday using FDM. I had read conflicting instructions online. Ciscos instructions were saying log on to the standby unit (which i cant as its in HA) so I went with some other instructions that sai...
A question that has me intrigued... "Packet Tracer" allows you to place activation key for ASA. How do I ask for the activation key (from which person or manual or software)? ---> If it's software... Is it to activate ONLY some functionality or d...
Hi All,I've asked a question a few days ago on this 4 year old post but unsurprisingly haven't had any response so starting a new post. We had a requirement to allow wildcard access to a remote SQL server over tcp/1433, as the host portion of the des...
Resolved! ASA boot/console logs to file
I'm planning to update the ASA and ROMMON software on a ISA3000. I've tested it in our lab first and during the testing I've been connected through the console port. This is nice as I can see what is going on during the reload processes. However, whe...
Hello Community,I have Active Directory successfully integrated with FMC.My goal is to apply a Dynamic Access Policy (DAP) to my FTD, where the DAP should match a specific Active Directory group and apply a corresponding access policy (for example, A...
These are the 2 documentations that we followed to ingest Cisco device syslog into our Sentinel instance: https://learn.microsoft.com/en-us/azure/sentinel/forward-syslog-monitor-agenteStreamer eNcore for Sentinel Operations Guide v4.0.9 - Cisco Issue...
Hi All, How can I solve this flexconfig error for "access-group". My FMC version is 7.7.10 & the FTD devices (in high availability) version is 7.6.1Thanks.Nakpane
Is there a way to exempt traffic from a packet capture on an FTD firewall running version 7.6? My situation is that I need to know what an ID sensor that sits inside the network (at 172.31.11.224) is sending traffic to. The problem is that the firewa...
Resolved! FPR 2130: Troubleshooting ASP Drops
Hello, We have an FPR-2130 pair (Active - Standby) and I recently see increased ASP Drops (see attached image). It is supposed to be "Flow Denied by access rule, Flow Denied by configured rule".We need to understand better what this is about.How can ...
Hello everyone,I need to send zeek logs to Cisco SNA (flow collector)According to the Cisco manual:“Format: The zeek log generator must add the zeek_filename="xxx.log" tag before the JSONL string for the Flow Collector.”I need help about, adding the...
Is there a way to recover the credentials for an FMCv300? The individual who managed the FTDs/FMC left the organization and the folks that are supposed to now manage the environment cannot find the FMC credentials.
I have FMC that is managing two FTDs. I am planning to start using cdFMC. What is the needed licenses for cdFMC. Also, do I need to have the FMC or I can just stop using it.
I am trying to limit internet access for a server that needs access to several wildcard based domains and I can't figure out if that is possible on a Firepower FTD managed by FMCAs an example, one of the requirements is*.compute-*.amazonaws.com - TCP...
In the installation of FTD 7.6.2 (recommended version) in a new Cisco Firepower 1120 loaded with ASA v9.20.3. We attempted to reimage the appliance using the console USB port. We downloaded the installation image from the Cisco Software portal (check...
