I have increased number of Inspection failure (inspect-fail) from show asp drop, and would like to capture them for further investigation, and wonder what option should I use after capture my-capture type asp-drop ? Thanks.Leo
Hello All,I have setup VPN according to these instructions:https://www.petenetlive.com/KB/Article/0001682I have the default rule (Inside Zone Any Any to Outside Zone Any Any = Trust)I have a just in case rule (Inside Zone Any Any to Inside Zone Any A...
Hi there, I want to migrate Cisco ASA 5505 to Cisco FTD with Firepower Device Manager (FDM). I know that you can use Cisco's Migration Tool if you are migrating to Cisco FTD with Firepower Management Center (FMC). Is there any "easy" way to migrate f...
Hi everyone,There was a problem with my ASA 5545x firepower service. As a result of reimaging the firepower service, my permanent SFR license was deleted. If I lose the default permanent license, how can I get it back?thanks and regards
Hi ,
I would like to ask about snmp allow rule in ASA. let say our network is like below .
App Server--->switch-->ASA--->SNMP server
I configure snmp configuration in server and switch to send log to snmp server.
I want to know if it is enough one ...
Hello All,I just got a Firepower 1010 running 9.13 ASA code on it. I am consoled in and it looks like it was reset to default (ciscoasa> prompt).I have pushed the reset button more then 3 -10 second and powered it off and on (pulling power).I have tr...
A security audit has flagged the fact that the SSH services on our Firepower Management Centre 2000 appliance (running v6.1.0.3) is configured to support Cipher Block Chaining (CBC) encryption.
The security audit has advised disabling CBC mode ciph...
Hi GuysWe have a Cisco ASA 5545 with software version - 9.8(4)41We are having lots of strange issues going on with NAT, whenever we add objects, or amend NAT rules, it deletes random rules, changes source and dest ranges and randomly reorders them, t...
Hi all,
We are planning upgrade of SFR modules in ASA5516-X to version 7.0.4. Looking at the firepower release notes it states that the 7.0.4 version of firepower requires the ASA to have the latest version of ROMMON, currently 1.1.18.
I was under th...
Hi All,I've deployed a FMC managed FTD at a remote office, where it's managed via OUTSIDE interface.Usually with an ASA it's possible to query SNMP on the INSIDE interface through the IPSec.This doesn't seems possible with the FTD. ICMP doesn't work ...
HiGot x2 2100 FTD's managed by same FMC and got the VPN up between the two but oneside has no decaps any ideas, ? there is no NAT configured do I need it as some docs suggest because it was working before one FTD got replaced due to failure with no N...
Hello team,
I have to create a new envirotment where Traffict ( signals) coming from outside ( internet ) has to match in one of my ip publics, I have to nat by portforwarinng to a dmz and that it. Only with ACL ( without ZBF) it works, but w...
We are planning on getting a new 500gbps/1gbps connection installed in the next few months and we're currently using an old 5505 ASA which we need to replace. What are some options that can handle the bandwidth?
I am working on migrating from an ASASM to FMC/FTD. I know that the ASASM isn't fully supported by the firepower migration tool, but the policy and objects are pretty long so we are doing what we can with it and the TAC said that it would not migrat...
