Network Security

Static NAT over Site to Site VPN on ASA Firewall

Dear Team, there is a requirement that need to have static NAT between two sites.in both sites there will be multiple hosts and on a static NAT there is used only one single IP so,e.g LAN1 IPs 192.168.1.1, 192.168.1.2, 192.168.1.3 these IPs will be n...

Resolved! Adding Firepower To FMC Issue

Hello I installed 6.2.2 FMC and 6.2.2 on a 5516x. When I got to add the firepower module to FMC it says failed to register (update devices failed). I working on this now and need it back and running. Can you please assist.

Resolved! Primary FTD lost date and is showing offline with FMC

We have a pair of 1140 FTDs that are managed by a physical FMC. The UPS failed today, and consequently the FTDs lost power. Upon bootup, the secondary is showing healthy by the FMC and having a mate, but the primary is showing offline. I can ping the...

Resolved! Firepower 1120 base license fpr ver 7 - snort 3 question

Hi,As the title states I have a cisco firepower 1120 with a base license and am running firepower version 7. My question is regarding upgrading to snort 3.0 from ver 2. Since I only have the base license would it even matter if I upgrade to snort ve...

SSH Weak Key Exchange Algorithms Enabled has been raised on VA Scan

Please help to know if anyway to fix this observation or any workaround. The remote SSH server is configured to allow key exchange algorithms which are considered weak.This is based on the IETF draft document Key Exchange (KEX) Method Updates and Re...

How to Block Public IP but Allow FQDN in

HI all, is there a way to block or deny IP Address of a web site but still allow access per FQDN? I have access to both Cisco FMC/FTD and FortiGate set of firewalls.IP, FQDNe.g. https://mysite123.com resolves to 110.1.1.110/32 so if I type an IP addr...

Cisco ASA Integration with Unifi Security Gateway

Dear All, I'm trying to add Unifi Security Gateway to a Cisco ASA that is already configured, I want to have ASA as a second layer of security since the licenses of the URL filtering and malware protection have expired, so I want to add Unifi Securit...

Resolved! Determining Linux Kernel (Cisco ASA 5506)

Hi, we are looking to find out what kernel the Cisco ASA 5506 is using, I have been trying to find out if there is a way to switch to standard linux shell commands via SSH without any luck. I've read that it might be based on Redhat, or at least for ...

sftunnel failed- RPC status :Failed

Hello, We have a ha-pair 1120 FTD, where the active FTD shows disable on FMC. After logging in to the disabled FTD, we found a certificate error, and the time also shows wrong. So it was found out that somebody blocked the DNS and NTP and TCP port 8...

FTD not accessing internet after migration

We attempted to migrate from our ASA 5515xs this morning to FTDs. Needless to say when we tried to access the internet it was not available. We used the Cisco Migration tool and all settings (NATs, ACLs, interface settings, static routes, etc. ) seem...

ASA 9.2 - Unable to ping secondary WAN interface from outside

I have a Cisco with two LIVE interfaces. They aren't failover controlled. I can ping one of the interface from the outside, but not the other. Packet capture shows the incoming echo, but no reply on the interface not working. TCP/UDP traffic works fi...

Resolved! Adding a network module to Firepower 4110

Hi all, I am planning to add 10Gb network modules to a existing FP4110 devices (running container instances) and I have a question regarding the impact of the change. According to HA requirements for FTD, both FTDs should "have the same number and ty...

FTD 2140 upgrade question

Hi, I have an FTD2140 running ASA 9.8(4)29 / FXOS 2.2(2.138) that I want to upgrade. According to the download site, 9.16(2) interim is the current gold star version. If I upload this package through FXOS, will the firewall reload into appliance m...

Audit trail in a Cisco ASA

Hello,As i understand syslog id 111008-111010 can be used as an audit trail to record the changes in Firewalls...However, does an audit trail corresponds to policy change only ?Suppose a user runs "permit traffic same security intra-interface" can th...

IOS ACL Using Service Object Group and TCP Flags

Under vanilla IOS, is it possible to use both TCP flags (established, syn, rst, etc.) and service object groups? For example, I can create an ACL that only allows return traffic from established Telnet and SSH connections:ip access-list extended DEMO...

Network Security

Forum Posts

Static NAT over Site to Site VPN on ASA Firewall

Resolved! Adding Firepower To FMC Issue

Resolved! Primary FTD lost date and is showing offline with FMC

Resolved! Firepower 1120 base license fpr ver 7 - snort 3 question

SSH Weak Key Exchange Algorithms Enabled has been raised on VA Scan

How to Block Public IP but Allow FQDN in

Cisco ASA Integration with Unifi Security Gateway

Resolved! Determining Linux Kernel (Cisco ASA 5506)

sftunnel failed- RPC status :Failed

FTD not accessing internet after migration

ASA 9.2 - Unable to ping secondary WAN interface from outside

Resolved! Adding a network module to Firepower 4110

FTD 2140 upgrade question

Audit trail in a Cisco ASA

IOS ACL Using Service Object Group and TCP Flags

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

same question, same issue, Intervlan routing not possible at FTD

Migrate from FMC virtual 300 to FMC virtual

FMC Connection Events Export

Technical presentation document for Firepower needed

KDC has no support for encryption type on ASA 9.18(4)22

FMC 7.2.5.1: Smart Agent is not registered with Smart Licensing Cloud

FTD 3105 : the disk /dev/nvme1n1 is unable to be unlocked or reverted

Stateful Firewall on Cisco Catalyst 9300 Series SwitchesStateful Firew

connetion events in FMC

Cisco FMC strong encryption license code