Network Security

Resolved! FTD to remote FMC?

Hello I know this question is questioned a lot, but i need help to understand the steps and configuration. FMC ----> FTD-HQ -----> WAN ------> FTD-RemoteI need to understand the procedure.1--> FMC_REAL_IP ----> FMC_NAT2--> i need to configure mgmt in...

FMC - Policy optimizer for unused policies & app id policies

Hi there,I had a few questions here regarding the Cisco FMC. 1. Is there a means for exporting the firewall rules set and traffic logs?2. Is there a built in policy optimizer that we can leverage to remove redundant and unused policies?3. Is there an...

Bock apk file extension and android software update in firesight

Hi all, How can I block apk file and android software update in ASA 5525x firesight? I have tried various ways to block them but cannot success yet.Please help me to solve that.

Resolved! Number of ACL on FTD security zone with multiple interfaces

We have a DMZ security zone on FTD and it has multiple VLANs / sub-interfaces, I found out every ACP created actually are duplicated to all VLANs / sub-interfaces, for example, my intention is:Source -> DMZ -> VLAN-A/Sub-Interface-A -> App-ASource ->...

Firewall FMC - Real Time Monitoring

Hi there, I had a question regarding real time monitoring on the FMC.Does the FMC have the ability to identify live sessions?Can we view info about Ingress/Egress zones, number of packets/bytes and interfaces etc... ?This would greatly help us to dee...

Resolved! diffie-hellman-group15-sha512 ASA Key Exchange

HI We are using CyberArk PSM-SSH to SSH to ASA. The PSM-SSH application only supports diffie-hellman-group15-sha512. how do I upgrade the Key exchange to diffie-hellman-group15-sha512 (or higher) on an ASA the Current supported Key exchange gr...

Resolved! FMC Site to Site VPN Question

Hello,I've been reading through Cisco's site to site documentation and wanted to confirm there's no possible way for a site to site vpn to have both tunnels active? Seems you can only have active/passive. FMC 7.0 using FTD 2100 series. Thanks in adva...

Resolved! FPR1010 Port 443 https Web Access issue

Hello So on an inside server (192.168.5.42) I am running an NGINX Web-Server which absolutely needs to be on Port 80 and 443. My FPR1010 has, by default, https access via 443, so when I connect to x.x.x.182 (WAN) (which connects to 192.168.5.42) on h...

Deployment Cancelled due to Firepower management center restart

Dear Team , I have found this error in one FMC SETUP Deployment Cancelled due to Firepower Mangement Center restart. Retry Deployment. Only normal changes we have made in FMC . WE have raised case with cisco they did troubleshoot issue. And Last WE f...

Firepower module out of memory after VDB 361 Update

Hello, I have a customer with a SFR module on their ASA 5525. After the latest VDB update (361) they ran out of memory, resulting in traffic interruption. This is the warning they see in their FMC: Configuration Memory Allocation - Resource utilizati...

Resolved! Cisco Firepower 7.2 - Blocking Page with Malware & File policy

Hi everyone,I'm trying to figure out if it's possible to provide the blocking page when a virus/malware is blocked, from the tests I've carried out it would seem not, the blocking page is displayed only with the URL filtering feature.So I wanted to a...

CUBE IOS XE - cannot import signed certificate

I am currently trying to set up RESTCONF on one of my lab CUBEs. For this i need the HTTPS server, and for that i needed a valid certificate on the router. Cisco IOS XE Software, Version 17.03.04abootflash:isr4300-universalk9.17.03.04a.SPA.bin So i c...

Resolved! FTD 1120

Hey! Currently working on FTD 1120 which is managed by FDM, and my query is. FDM-6.6.1-91 VDB-336.0 - Configured Two ISP links on FDM with sla monitor. -Basic configuration one access-list for Lan users to access internet and Nat policy which is in a...

Configure SNMP on 1120 running 7.0.1 via FDM

I've spent the last hour or so trying to find documentation for configuring SNMP via FDM. We initially did this via flexconfig, but I'm thinking that when we upgraded to 7.0, SNMP was directly via the GUI. I can see it's configured, but there is noth...

Resolved! When Should You Use Clear xlate?

The company I work for re-located their ASA 5510 to a new office location with a new static IP assigned to us from our ISP. If I update our NAT rules with this new static IP do I need to run the clear xlate command or should I just add new NAT rules?...

Network Security

Forum Posts

Resolved! FTD to remote FMC?

FMC - Policy optimizer for unused policies & app id policies

Bock apk file extension and android software update in firesight

Resolved! Number of ACL on FTD security zone with multiple interfaces

Firewall FMC - Real Time Monitoring

Resolved! diffie-hellman-group15-sha512 ASA Key Exchange

Resolved! FMC Site to Site VPN Question

Resolved! FPR1010 Port 443 https Web Access issue

Deployment Cancelled due to Firepower management center restart

Firepower module out of memory after VDB 361 Update

Resolved! Cisco Firepower 7.2 - Blocking Page with Malware & File policy

CUBE IOS XE - cannot import signed certificate

Resolved! FTD 1120

Configure SNMP on 1120 running 7.0.1 via FDM

Resolved! When Should You Use Clear xlate?

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

FMCv 7.2.5.1: High CPU load - how to troubleshoot?

Cisco FTD Migration from 4100 to 4245

My CSLU(Cisco Smart License Utility) can't login into Cisco.

same question, same issue, Intervlan routing not possible at FTD

Migrate from FMC virtual 300 to FMC virtual

FTD and FMC backup creating a sf-storage folder

Route Based VPN FTD

Multi instance 3120 FTD - Each instance in different FMC Domain

FDM DHCP Relay

Need expert help with Firepower intervlan routing