Network Security

Hi folksI got a question today that left we thinking and no answer.Can I, on an IPS 7.x, create a rule that compares data in a HTTP flow?Example: User send a login request in clear text but the server responds with a different account. A custom packe...

I have a pair of 5520s with the LAN/STATE interface on a Gi0/2. Some hoser configured the interfaces as 100/full and connected them to 100/full 100M switchports. You evidently can't change the ASA interfaces with failover enabled. Is there an easy wa...

Hi,I have a standby firewall which is not connected in live network as if now only Primary ASA is live,i have just installed once secondary ASA for failover testing and it working fine,QuestionAs if now the secondary firewall is out of network (on my...

Dear All,I want to upgrade NAC Appliance from 4.6(1) to 4.7(2). Just want to check if i need any licences for this upgrade.Also need procedure to upgrade from 4.6(1) to 4.7(2).RegardsAmar

Hello:I am redesigning my ACL's.  I have a dumb question for the "outside_access_in" ACL.  This ACL controls traffic from the outside in.  Servers which are in my DMZ are on a private range and the ASA is doing a static NAT for them.  As I create the...

Hi Guys I have an ASA 5510 running 8.0 code.I was experiencing slower throughput then normal and decided to do some testing on the firewall.I had a redundant interface for the inside of the firewall with ports e0/2 and e0/3. both configures to 100/FU...

Please help me understand the asterix (*) symbol seen in below rule (highlighted) besides the hitcnt keyword.access-list server_input_in line 34 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=*)Hitcnt should show certain num...

Hi,Is it possible to do nat on firewall with nat on udp ports. if there are certain servers running service on udp port , will external access work ifwe configure nat for udp access.Thanks!