Planning on using FMT on a pair of ASA's running FPS. Question 1) When using the FMT and pushing the config to the new fmc which houses the new target FTD's. Does FMT then shutdown the interfaces on the source ASA to avoid ip conflicts - or do we hav...
Forum Posts
I am just beginning with SecureX and I enabled on the FMC that manages 4 FTD1010's . However after enabling I only see the FMC and 2 out of the 4 managed FTDs in the Securex portal. I was wondering before I bother TAC on this if anyone knows a way to...
Good Day All, I'm a newbie with Cisco ASA , i have an issue after setting up a guest wifi for my organization.Here the TopoInternal user are on : 10.20.20.0/24 and Guest users are on : 192.168.1.0/24 , DMZ is : 10.30.30.0/24Internal users use interna...
Hello."ciscoasa(config)# failover interface ip folink 172.27.48.1 255.255.255.0 standby 172.27.48.2"The above is the Cisco literature config for a failover link for a one of two 5525s in a high-availability setup.What exactly is this link used for? W...
Resolved! FMC access to internet without nat
HiHow can FMC access cloud services (e.g. Cisco Smart License Center), without using management interface, that is used for communicating with devices like FTDs. In other words we want to use different interfaces for internet access and internal com...
Resolved! Firewall Policy
HiIs it possible to generate a report which shows our full FTD policy (Firewall Policy). ?? Thanks
HI ALL,I have recently setting up Cisco FTD and FMC , i am trying to create a two port channel one will be INSIDE and Another will be OUTSIDE, these port channel i added two interface each for inside and Outside. what i am trying to do to allow 8 vla...
Hello all,Currently trying to enable our Remote VPN users to route through our primary site and back out for specific subnets. We're using a FTD 2110 running 6.6.5 managed by an FMC running 6.6.5.2i added the desired subnets to the split-tunnel ACL a...
Hi,I have a question regarding the FMC minor upgrade from 6.6.5.2 to 6.7.0I've watched some videos, read procedures and find out that any pending deployments should be pushed prior the upgrade.I have two sites with ISP issues at the moment therefore ...
I have similar to the following - policy-map global_policyclass Class_FP sfr fail-open class-map Class_FP match any service-policy global_policy global If I want certain traffic to not go to the Firepower SFR what is the best way to achieve this? ...
Hey guys I'm having an issue where the traffic flow gets dropped to secondary Load Balancer upstream to the LAN here is my config, am I missing something? I also attached a network diagram for reference to what I am trying to get accomplished. Any su...
Dear all,Please advice in one thing. Imagine I am looking for user which is causing most of the connections over my firewall.On ASA I was using simple commands (where 500 is number of connections per ip address):sh local-host connection udp 500 | i l...
This is my first time posting here, so bear with me.Our company runs ASA5545X with Firepower in each of our 2 data centers. For the last 2 years, we have been having an ongoing issue where they stop passing traffic. In the last couple months, it has ...
Hi Expert,I'd like to modify order of accessrules via API.I explored api/api-explorer, however could not find related fields like sequence number.I also couldn't find fields regarding Category.Could you please let me know they are available?Thank you...
Resolved! Cisco ASA Multi context AWS VPN
A client of mine has a Cisco ASA that's currently running on multi context mode and needs to configure a site to site VPN to his AWS VPC. Kindly advise how to go about this as VTI is not supported on ASA in multi context mode.
