Hello community, Our client has 2x FTD 1120 with latest version 7.2.0.1-12 and also FMC with latest version 7.2.0.1-12. The FMC is integrated with ISE-PIC for user authentication. We are facing some problems with filtering and FMC is showing this er...
Forum Posts
I have Discovery Policy for Internal Zones where I am only getting network map for 2 of my FTD's internal zones and my 3rd FTD subnet is not showing up in the network map. I see connection events for this particular subnet but the PC icon for the e...
We have Access to Cisco Firepower Management Center and Firepower Threat Defense version 7.2.0 When we try to register a key to establish the connection between FTD and FMC, We are getting the below error in FTD, File HA_State not found. Because of w...
Resolved! FTD syslog export to debugging level
Hi Experts,We are attempting to export logs to IBM qradar SIEM.It seems we need to set the logging level for syslog export to debugging to get session data exported.Will it cause resource issues on our FTD's if we set the syslog export to debugging l...
Hello.I have redundant 5506x and frequently the FW will not hand out an address to either a PC or phone. If a forced failover or power cycle occurs, it fixes the issue until it occurs again. This configuration has been working for years. Inside inter...
Hi,We have FTDs mgmt by FMC version 7.0.1. We are using certificate authentication on RA VPN configuration. Indentity Certificate signed by our local CA has been expired, we have installed a new indentity certificate. Have refreshed the cert status o...
HiI am configuring an ASA device. I am noting the NAT is not working and the PRIVATE deivce can not reach the destination/gateway(192.168.237.65&192.168.237.129). Can someone help to check the config?interface GigabitEthernet0/1no nameifno security-l...
Hi everyone, have a nice dayI have a big network with multiple cisco routers, switches(IOSXE, IOSXR), and NX, I found in the ARP table multiple IP addresses with the same mac address, I try to track the mac address but the port for this mac return me...
I have two ASA5555X running version 9.631, about 2 months ago the active asa started refusing ssh in all the interfaces, after the restart I can ssh again, then a couple of days or less no ssh again.then the primary (active) started failing gradually...
Hello,I am trying to force some users to send traffic to specific wan interface.Created a ACL:ALLOW inside_zone specific_users ---> outside_zone interface_WAN3 in NATdynamic NAT from inside to outside WAN3 interface. But when i try to see from users ...
While attempting an FMC upgrade the upgrade failed with the following message in the CLI: The Cisco 6.6.5 upgrade has halted, status: [48%] Fatal error: Error running script 800_post/021_reinstall_sru.sh. For more details see /var/log/sf/Cisco_Firep...
Hi all,Though someone might be able to give me some better understanding about CDO features. I thought to be impressed by CDO but during testing my "whoa" effect has not arrived (yet) about CDO and it's potential.... Maybe just in points:Is there a w...
Hello everybody, I have to upgrade a Firepower 2110 running an ASA OS from 9.12.4.37 to 9.18.1. I went to the FXOS level and copied the OS to the flash: de-nm-fw-ext-02/sec/act# connect fxos firepower-2110# scope firmware firepower-2110 /firmware #...
Hello EveryoneI am trying to block websites at a specific time, and for that, I thought of using time-based ACL with regular expression with MPF config. Can someone please tell me if I can combine both and achieve my goal? Thanks.
I have a pair of 1140 in HA running FTD 7.0.1.1 - The FMC is also running 7.0.1.1. They are fairly simple configured (12 ACP rules), but I keep getting warnings says "Deployed configurations are too large" The alert details shows this:Memory Allocat...
