Network Security

Hi All,I am planning on running a Nessus vulnerability scan against our external IP address space. I wanted to know if we need to make any changes to our firewall configuration to permit an effective scan. We have exempted Nessus traffic from being i...

I am in the process of migrating a firewall rule set from a PIX to an ASA and would like to delete entries that have never been used.  Is it safe to assume anything with a hitcnt=0 has not been used since last reboot (over 2 years ago..)Thanks

Last night my firewall failover to secondary suddenly and I am still trying to find the root cause.  Looking at the log and history, I saw the reason of failover because the "Service card in other unit has failed".  Further investigating and the card...

We currently have a set of ASA5520's in resilient failover mode and wish to upgrade them to 5550's. The problem is we would like to have no downtime of the Firewalls.I have an idea of replacing the the Standby first with a 5550 and bringing on line w...

Hi All,              I have two ASA 55210 were one ASA is working fine , while second ASA has similar configuration of ASA 1 but we have problem in reverse traffic , My TCP connection is established from inside interface to outside interface , while ...

Hello,It seems some of our users (maybe all) get intermittent issues when conecting to websites.  For example when I connect to cisco.com or google.com it might take ages but load or fail, if I hit F5 to refresh then it loads immediately.  During thi...

Hello Guys,I'm not familar CS-MARS  but i have read the below book,Cisco.Press.Security.Threat.Mitigation.And.Response.Understanding.Cisco.Security.Mars,Am not sure where is the right place to keep the CS-MARS in the network, By reading this book wha...

Hello,If I use bundle ASA5580-40-10G-K9 in failover configuration should I use 10G interface for stateful failover link or 1G will be enough? Traffic on data interfaces will exceed 1G. Is a Etherchannel option available  on ASA for failover link?Than...

Hi All,I would like to ask you a question .i am using solarwind monitoring tool for bandwith monioring.I would like to know which interface we should use for monitoring ? Physical interface or tunnel interface .I am using GRE tunnel in each of my rem...

We are planning on bringing up a second site with a public class C, and putting ASAs at each site - at the new site in a failover config, and the previous site as a single unit (not failover or standby).     The new site will be primary, and the prev...

HiWe use our Cisco ASA 5520 to allow our users a WebVPn into us. We have a policy that scans the endpoints to check there OS/AV/Firewall. Does anyone know if Cisco publishes a document that lists all teh OS/AV/Firewalls they support?Thanks

i know it can be done on my ASA5510 - that's not my porblem - I just need to justify the risks. I've been trying to hunt down any supporting "Best Practice" documents that state whether it's advisable to allow ssh access from the internet to the outs...