Network Security

Resolved! Configuring Control Plane ACL on ASA

Hello,I configure a control plane ACL to a outside interface for limiting AnyConnect access on ASA 5520, will enter the following commands on the device:! interface GigabitEthernet0/0! nameif outside! security-level 0! ip address 1.2.3.4 255.255.2...

Question on syslog message %FTD-6-302013 after transition from ASA

We are analyzing the logs from all of our devices. Recently, a question came up on the %FTD-6-302013 message. It appears to be only happening on outbound connections from the inside network to the outside. We never see messages like that for connecti...

FMC 7.0.4 - No Packet Capture tabs under Advanced Troubleshooting

I'm running the VM version of the FMC. I have 7.0.4 installed. When I go to an SFR module and go to Advanced Troubleshooting, the only option I have is "File Download". I don't have any tabs for Packet Capture or Packet Tracer. What could be caus...

Resolved! Changing session timeouts, logging/syslog, etc. on FMC?

Does changing these types of parameters in the FMC apply to all devices managed via FMC such as the FTD?

Resolved! FMC Upgrade versions

Hello,I have a Cisco SFR in the form of an FMC running version 6.7.0.3. It is supporting firepowers running version 6.4.0.132. The FMC is just an FMC; it is not an FMCv300. For some reason, I was under the impression version 6.7 was as high a vers...

Resolved! Disable SSH v1 and telnet on FTD via CLI or FMC?

I don't even see how to configure vty lines on the FTD. Can't find anything covered in the docs about this. Any help?

FMC/FDT site to site VPN

HelloI have Firepower 1120 and configured s2s VPN to 3rd party using parameters as belowIKEv1 Encryption AES-256 Hash SHA Lifetime: 21600IPSec Encryption AES-256 Hash SHA Lifetime: 3600DH14 With NAT nat (local_ip_pool,outsite_interface) source stati...

Resolved! Can't change Management Interface FPR 2130

We have a couple FPR-2130s and FPR-2110s. We would like to change our default/dedicated management port to be one of our inside/data ports for simplicity's sake (Management1/1 -> Gig1/2). According to Cisco, you can do this via the CLI or FMC gui, bu...

Not able to access from Outside Networking through ASDM

Hi all,We purchased the Firepower 2110 loaded with ASA. While sending from factory and there was no base license enabled.We commissioned the Firewall and while we are trying to access the Firewall from outside Network it throws an error as SSL.

Bulk Network object addition on Cisco FMC

Hello Team, We have got a request from our client to add a security policy on the Cisco FTD(4115). The security policy has 800 Network objects(IP addresses and subnets) in the target field. We are not sure how this will work because the firewall is ...

How stable is FTD version 7.3

Hello all, we are currently on FTD version 7.1.0.1 and looking to upgrade to 7.2 or 7.3. A few months ago I had been reading that 7.3 had some issues with unintended restarts, configuration issues, reduced number of objects that could be held in a si...

Resolved! Using TCP port of Syslog and FTD and local logging?

Hi All,Let's say the syslog server being used can use any port for syslog, is just using TCP 514 instead of default UDP 514 good practice?Aside from current logging stopping and/or breaking, is just changing the setting potentially impacting anything...

Resolved! ASA 5506-X missing FirePOWER tab

Hello,We bought a whole set of ASA 5506-x w/firepower + security licenses +50 AnyConnect VPN licenses from a trusted vendor, but it's look like this version (9.12) does not support Firepower!! The Cisco technician told us due to RAM issues 5506-x aft...

Enabling DHCP relay information

How do we enable “dhcprelay information trust-all” in a Firepower 1120 running version 7.2.0.1? DHCP snooping is activated in LAN, and the firewall is acting as ip helper/dhcp relay. The firewall is dropping dhcp packets because we haven’t been able ...

MACSEC PSK Verification

We will be adding new keys to our existing macsec key chain such that the new key will have a lifetime that is immediately available and expires in 15 months. I wonder how often nodes with macsec look at the keys, or reverify them, such that I can mo...

Network Security

Forum Posts

Resolved! Configuring Control Plane ACL on ASA

Question on syslog message %FTD-6-302013 after transition from ASA

FMC 7.0.4 - No Packet Capture tabs under Advanced Troubleshooting

Resolved! Changing session timeouts, logging/syslog, etc. on FMC?

Resolved! FMC Upgrade versions

Resolved! Disable SSH v1 and telnet on FTD via CLI or FMC?

FMC/FDT site to site VPN

Resolved! Can't change Management Interface FPR 2130

Not able to access from Outside Networking through ASDM

Bulk Network object addition on Cisco FMC

How stable is FTD version 7.3

Resolved! Using TCP port of Syslog and FTD and local logging?

Resolved! ASA 5506-X missing FirePOWER tab

Enabling DHCP relay information

MACSEC PSK Verification

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Question on S2S Tunnel to Azure using FTD or Azure Native S2S

Setting out TCP MSS on FTD only for non-ipsec endpoints

Cisco Stealthwatch ipfix exporter

FTD Configuration Resource Utilization

FMC - Error mesasge: Unable to reach Cisco Cloud from the device

FMC Management Center is out of compliance.

Default action to FTD

Emergency Reset Appliance

Cisco 2130 FPR Upgrade

FTD issue with Anyconnect authenticating via AD