Running into an issue with AnyConnect and OKTA SAML with 90 second delay between authenticating and actually establishing the connection. Initial login/redirect/MFA is quick then the client shows "establishing connection.." and 90 seconds later (giv...
Forum Posts
Resolved! New ddns methods in ASA 9.15.1
Hi all - has anybody tried to use the new web update-url for ddns introduced in 9.15.1?How I can make it work with dnsomatic.com?My config is:ddns update method dnsomatic_web web update-url https://username:password@updates.dnsomatic.com/nic/update?...
Hi there,We have two FMC in HA and we need to register a new FTD in a remote branch. We will configure NAT for port 8305 for the remote FTD to reach the primary FMC. According to this knowledge article here, it mentions that a second tunnel towards t...
What is the proper procedure to restore Cisco Secure Firewall Threat Defense configuration that was in HA? I tried using the GUI to Backup and Restore but it doesn't seem to work. Am I suppose to login to both units using GUI and backup each configur...
Port Vulnerability Name Cve id 22 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) CVE-2023-48795 22 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) CVE-2023-48795 22 SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) CVE...
Resolved! FMC: Automatic renew certificates?
Hello,Managing certificates is getting more and more a nightmare as the valid lifetime will be reduced to 47 days, especially on devices and virtual appliances that don't support any kind of automatic renewal protocol.What are the options in FMC to a...
Dear Team,The issue occurred on ASA 9.18(4).22, which is managed by CSM 4.25 SP1.Thanks,Anuradha
Hi all,What's the general consensus about FMC's IPS recommendations? I currently run a base policy of "balanced security and connectivity".Currently, my IPS is 477 alert rules, 9512 block rules. I ran the recommendations, and it went to 1 alert rule,...
Hi,I have exported an ACP from on FMC 2500 onto a blank new FMCv. I have then upgraded the FMCv and plan on migrating that ACP to a newer FMC already in production and migrating two firewalls. My issue is when I imported the ACP onto the blank FMCv I...
Resolved! PBR with AnyConnect
I'm having trouble figuring this out from the configuration guide, and ChatGPT is giving me answer that I'm questioning.I have an ASA (technically a FPR in ASA-only mode) on v9.20. I'm running AnyConnect, but I want to have two groups that each forw...
Hello Team,I have a Cisco PIX 506E device and I've forgotten the password and IP address. I haven't used it for a long time.I would like to know how to find its IP address since I no longer have the password.Thanks in advance for your help.
I added about 500 network objects by IP, and group them into an object group called white-list. 2 days later, I modified ACL access-in from allowing source any to white-list. The action was to delete original access-in ACL (total 6 rules, included im...
HiA client (Bank) Has Cisco ASA 5525 and they want to migrate to the Firepower 3120.1. Is it possible to completely restore their current configurations from the 5525 to the 3120 appliance?If not possible, what steps should be taken to completely hav...
So I can't find any real information about this, and Cisco's guide for NTP on NEXUS only uses md5. Does the Nexus OS support sha256 for NTP?
Hi All, Is there any Cisco step by step guidance on How update the Default web server certificate via FDM? currently when I logged into FDM via browser the connection is not secure. Thanks.
