Network Security

FMC upgradation

we want to upgrade our FMC from 7.0.2 to 7.0.5. FMC is showing in health that smart license usage is out of compliance as we are using extra threat license on one ftd. is there any issue if we go for upgradation or we can go for upgradation. please h...

Resolved! ASA-5525: What is exact procedure to paste 200 line ACL?

Hello.ASA-5525: What is exact procedure to paste a 200 line ACL into the existing config?Thank you.

Resolved! Azure ASAv Question involving VPN and a VIP address

Hi guysI have come up with a solution to get my Corporate traffic into Azure by way of a VPN, which will terminate on a HA pair of ASAv firewalls. I need to protect an HTTPS flow within the tunnel and have it decrypted on the ASAv.The flow would be o...

Resolved! ASA 5515-x SFP Command

I have an ASA 5515-x and added module ASA-IC-6GE-SFP-A. From the CLI, the interface is showing as GigabitEthernet1/0, and when I enter the command "media-type SFP," it says invalid input. The ASA has an SFP connector, which is up and running. Is ther...

Can ASA convert multicast to unicast?

Hello. Can ASA convert multicast to unicast traffic, i.e. forward multicast as unicast packets? A server on the outside sends traffic to multicast address, but software on a host on the inside that needs to receive the traffic is only capable of rece...

Resolved! ASA- between same security zones, config for successful traffic is?

A thread on these boards: A reporter states that both ASA interfaces have same security level of 100. The solution was..."You are missing NAT statements between inside and LANDHP. Please configure identity NAT between the interfaces:static (inside,LA...

Resolved! ASA 5500x Upgrade question

current 5545X versionasa984-41-smp-k8.binwould i be better upgrading to asa984-48-smp-k8.bin which is a jump of 5 versions, is this the safest way, or could i jump straight to asa992-85-smp-k8.bin,or even to asa9-10-1-44-smp-k8.bin, then keep jumpin...

Cisco FTD 7.0.5 - Linktr.ee Blocked even after PreFilter bypass Trust

Hi team, We've encountered some "weird" issue. Our customer have FTD 7.0.5 managed by FMCv 7.0.5. But client that through FTD cant access certain website (example linktr.ee) by browser we've already tried : -bypass the URL + IP address on Prefilter &...

Resolved! HA ASA-5525 pair failed to send gratuitous ARPs during failover. Why?

Hello.I performed a task as instructed by my senior, to reboot the primary ASA-5525 (9.14(3)), then when it returned online, to reboot the secondary. At the beginning, I believe I did execute "failover active", but I am not certain because I remember...

Cisco 1010 BV11 - Created sub vlan#2 as GUEST

I'm getting the IP address of the new Vlan but am not able to browse the internet! no connection. I think the issue is with the access list and NAT but I'm not able to spot it. New VLAN 2 was added under - ethernet 1/2 as a subinterface. please advi...

Resolved! FMC Backup Retention

Hello,We have a scheduled weekly task to backup our FMC and FTD Device configs to a remote storage location and have a policy threshold set to 70% of disk. Currently, there are 13 backups listed in the FMC and 99 backups for our FTDs. Is there not...

Resolved! "packet-tracer" -syntax meaning?

Hello."packet-tracer input inside icmp 172.16.1.5 8 0 172.16.8.5 detailed"What is the meaning of 8 0"?(I don't understand it from the reference below.)Thank you!Cisco Secure Firewall ASA Series Command Reference, I - R Commands - pa - pn [Cisco Secur...

Resolved! Disabling TLS v1.1 at sw - (2)

Hi This post is following the below link. The question is after changing TLS version, the security vulnerability report is same as before, meaning the change did not remediate the issue. Even if the http and https were disabled, the issue is still ex...

Resolved! ASA-5525. How many different ACLs need entries for this circuit?

SERVER1 (security zone 50 of dmz) ==> ASA-5525 ==> inside network (security zone 100) ==> ISR-router ===> www SERVER2Server1 initiates the connection to server2. Obviously there is return traffic to Server1.Regarding only ASA-5525, how many differen...

Resolved! ASA 5525 NAT logic: connection initiator source matters here?

Hello."object network SERVER1nat (dmz,Outside) static 1.1.1.1"If the connection is initiated from the Outside to the DMZ , and the Outside ACL allows this traffic, will this circuit connect, or will it fail because there is needed an additional NAT r...

Network Security

Forum Posts

FMC upgradation

Resolved! ASA-5525: What is exact procedure to paste 200 line ACL?

Resolved! Azure ASAv Question involving VPN and a VIP address

Resolved! ASA 5515-x SFP Command

Can ASA convert multicast to unicast?

Resolved! ASA- between same security zones, config for successful traffic is?

Resolved! ASA 5500x Upgrade question

Cisco FTD 7.0.5 - Linktr.ee Blocked even after PreFilter bypass Trust

Resolved! HA ASA-5525 pair failed to send gratuitous ARPs during failover. Why?

Cisco 1010 BV11 - Created sub vlan#2 as GUEST

Resolved! FMC Backup Retention

Resolved! "packet-tracer" -syntax meaning?

Resolved! Disabling TLS v1.1 at sw - (2)

Resolved! ASA-5525. How many different ACLs need entries for this circuit?

Resolved! ASA 5525 NAT logic: connection initiator source matters here?

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Question on S2S Tunnel to Azure using FTD or Azure Native S2S

Setting out TCP MSS on FTD only for non-ipsec endpoints

Cisco Stealthwatch ipfix exporter

FTD Configuration Resource Utilization

FMC - Error mesasge: Unable to reach Cisco Cloud from the device

FMC Management Center is out of compliance.

Default action to FTD

Emergency Reset Appliance

Cisco 2130 FPR Upgrade

FTD issue with Anyconnect authenticating via AD