Network Security

How to verify if a Cisco Firepower IPS event is really true positive?

We are receiving this event "EXPLOIT-KIT Gong Da exploit kit possible jar download (1:27706:3)" from Cisco Firepower IPS. We tried to find which file in our server is causing this event, and from the IPS Pack Text we found this: Packet Text ....l@.....

Licensing on ISA3000 - TMC license on ASA+FP and TMC license FTD

Hello, I´m creating an estimate on ISA3000 and the customer wants TMC licensing on the firewall. I read the datasheets and understands that there are two ways of doing this. @https://www.cisco.com/c/en/us/products/collateral/security/industrial-secu...

Resolved! Cisco ASA Writing on Configuration missing in ASA conf

Hi, I have an ASA 9.8 in multiple context. I recently noticed that when I write the conf, at the beginning of the conf, there is the comment of Written by and the time missing. The auditor is requiring this detail in the conf. Can you please assist ...

Certificates in Dynamic Access Policy

Hello everyone, I am trying to devise a solution to block non company computers from connecting to our Anyconnect VPN. I am thinking about using a self-singed certificate using Dynamic Access policy for this purpose. I have installed Host Scan image ...

Best practices to migrate two ASA firewalls in standalone mode operating in a critical network to Firepower 2130 in failover act/act and Multiple Context

Hi Community I would like to know if the community has had experiences or any discussion about the best practices to migrate two ASA firewalls in standalone mode operating in a critical network. The process is to migrate the two ASAs to new Firepower...

Resolved! ASA 5512 Internet connection issue

Hello everyone,I am new into networking and I am trying to setup a home lab but I am having a problem with a basic ASA 5512 firewall configuration. The problem is that I cannot setup internet connection inside my network.I have created two interfaces...

Secure OOB Management Design, for various categories of Management traffic

Dears, I am working on OOB Management design for connectivity of management of various categories of Data Center traffic such as DMZ (e.g. Internet routers), Servers, Network, Application, Security (KMS, HSM, etc.) and PCI. I looked for Cisco best pr...

Resolved! ASA DHCP relay issue

running cisco ASA 5516-x with DHCP relay enabled some of PC are getting IPs and others not, i have tried alot of TS steps here are some of DHCP relay debug from the ASA ( i want to know if the ASA dropping something or is it DHCP server issue ?)dhcpr...

FirePower 4100 , SSD management FPR4K-SSD200

On Cisco FirePower 4120 FXOS Platform mode and ASA mode (no FTD) we need to understand how the SSD (FPR4K-SSD200)is utilized by FXOS and ASA.FXOS: for example "dir" under local-mgmt shows a free workspace of 4Gb is that related to SSD ?the "show stor...

Resolved! FDM https connexion impossible

Hello,I have a pair of FTD 2130 configured as HA.I use FDM to manage these FWs.Every time I want to run "https" on its IP-mgmt address, it came out as http (not secured).Anyway I can configure the FTD without issue. But I feel uncomfortable why http...

Cisco FPR4120 running ASA with "No buffer" discards on the internal-data interfaces

Hello , I have FPR4120 running ASA , I can see no buffer counter is increasing on Internal-Data interface 0/0 and 0/1 What does it mean and how I can troubleshoot it ? My CPU usage is 2% , and I don't notice any impact.

Cisco asa defaults for DNS inspection

Hello, I have a question regarding DNS inspection on the ASA. Would it make a difference running the DNS inspection without preset_dns_map ? I migrated my ASA newly from 9.4 to 9.8.4.34 and in the configurations I can see the below : policy-map globa...

Port-Channel between 4110 Modules

Is there any issue with running a port-channel between separate modules within a 4110 chassis? Im assuming no, but I haven't located supporting documentation.

BGP Reset 2130 HA - just one unit

hello folks we have a TAC open , for couple weeks now (!) for a situation where a HA pair of 2130 running 6.7.0 which has been in use from since Nov 2020-ish , the 2130-1 unit has begun having BGP reset randomly.... we failover to 2130-2 and no BGP r...

Resolved! Generate reports for specific FPR-2140 interface on FMC

Our 2140 and FMC are both running 6.6.1, and I'm needing to generate reports for a specific interface. I don't see anywhere that I can define an interface or limit reports to a specific IP range when generating reports on the FMC - the reports seem t...

Network Security

Forum Posts

How to verify if a Cisco Firepower IPS event is really true positive?

Licensing on ISA3000 - TMC license on ASA+FP and TMC license FTD

Resolved! Cisco ASA Writing on Configuration missing in ASA conf

Certificates in Dynamic Access Policy

Best practices to migrate two ASA firewalls in standalone mode operating in a critical network to Firepower 2130 in failover act/act and Multiple Context

Resolved! ASA 5512 Internet connection issue

Secure OOB Management Design, for various categories of Management traffic

Resolved! ASA DHCP relay issue

FirePower 4100 , SSD management FPR4K-SSD200

Resolved! FDM https connexion impossible

Cisco FPR4120 running ASA with "No buffer" discards on the internal-data interfaces

Cisco asa defaults for DNS inspection

Port-Channel between 4110 Modules

BGP Reset 2130 HA - just one unit

Resolved! Generate reports for specific FPR-2140 interface on FMC

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

FMC warning when trying to run a deploy [update failed/in-progress]

FTD manger by FDM and RADIUS authorize-only

Possible to send IoC events from FMC to SNMP/Email?

Anyconnect on Cisco 886 not working

Change IP address of FMC HA standby node

"logging monitor debugging, logging buffered debugging..."

Firepower denying packets due to wrong category

ISE Configuration 802.1x

Anyconnect Profile

SSH Configuration , Outside Interface, Cisco Firepower 1100 Series