Hello , I have configured Cisco ASA 5512 with Active/Standby failover Remote VPN access. It is working fine, but the goal is that, we need to provide VPN remote access over WLAN interface with same security level on Inside and WLAN interfaces. NAT, A...
Forum Posts
HiI have set netflow up and working ok can I reference more than one destination in the flexconfig object or do I need to create seperate objects per netflow destination.? Thanks
Resolved! ASA 5505 ssh access question
Hi,Currently any ip address can ssh to my asa 5505 firewall outside interface. What should I do to restrict only certain IP can? What's the command to see the current ssh management access rule?Thanks.Ye
Dear All,I configured a cisco FTD to always send syslog events to a log analyzer.However i found out that the deny tcp any any rule i configured to drop undefined traffic from that unsecure interface seem to be dropping the syslog traffic after a whi...
We have several users that connect through AnyConnect and our subscription is up for renewal. We renewed for another two years and was wondering if we need to add those to our Firewall Cisco ASA as I do not want any users to get disconnected. What is...
Hello,We upgraded our firewall to latest update 7.2.0.1-12 but then our VLANs dont work.I can see traffic of my pings, between vlans, endpoints etc but getting "request timed out" nor access anything even though i see the traffic, its like its bugged...
Hello guys I have this topology where the inside network runs with ospf and in the ftd there is both default route and ospf ?After configuring all this also my inside network cannot go to the internet or the isp ip.My question is how do i redistribut...
In my corporate environment, IT won't give permission for a switch, they wants us to lay more cable, but it's too expensive. Leadership doesn't understand and says just use WiFi. ISE of course prevents using a switch without permission; ISE will de...
Hello Experts @Rob Ingram @balaji.bandi I have ASA and running the capture for SMTP with a max buffer size of around 35 mb and with overwrite option enabled but this is not enough for my use case.I want to run packet capture which will continue for ...
Resolved! ISE-PIC and FMC
Hello,I had installed Cisco FMC 6.6.4 version and ISE-PIC 2.7 version for Passive Authentication. Everything worked pretty fine but then I upgraded FMC up to 7.0.1 and ISE-PIC has some issues. When I try to integrate FMC 7.0.1 with ISE-PIC 2.7 I see ...
Hi , I noticed that some network disable the ping and some security engineer disable the ping in network. I also found some article that Disabling ICMP won’t increase security. What is the best practice ? If we enable ping , how to protect the attack...
We have two FirePower FTD 4145 firewalls operating in FTD cluster mode. The devices below the firewall cluster is a pair of Catalyst 6807 switches running in vss mode. Above the firewall cluster is a pair of Catalyst 9500 switches that have been stac...
I have got below interface:Machine01 (10.0.2.221)<-------> Inisde(10.0.2.0/24)<-------> ASA<-------> Outside(10.0.1.0/24) <------->(pool-192.168.100.0/24) Client (192.168.100.22) I have got below route table for inside interface in AWS: I am able to ...
I have an ACP base policy from which my FTD devices inherit from See attached Pic) Is there a better way I can do this as I can't re-order the rules in the ACP policies that are inheriting these rules from the base policy. So Site A, B, C & D ACP al...
Resolved! Firepower IPS inspection
Is IPS a "Set it and forget it" type deal? Say I have 50 rules in my ACP and select balanced & security for every rule and on top of select a file & malware policy would this not kill the performance? What do you guys typically do to manage this? I...
