Hi , I noticed that some network disable the ping and some security engineer disable the ping in network. I also found some article that Disabling ICMP won’t increase security. What is the best practice ? If we enable ping , how to protect the attack...
Forum Posts
We have two FirePower FTD 4145 firewalls operating in FTD cluster mode. The devices below the firewall cluster is a pair of Catalyst 6807 switches running in vss mode. Above the firewall cluster is a pair of Catalyst 9500 switches that have been stac...
I have got below interface:Machine01 (10.0.2.221)<-------> Inisde(10.0.2.0/24)<-------> ASA<-------> Outside(10.0.1.0/24) <------->(pool-192.168.100.0/24) Client (192.168.100.22) I have got below route table for inside interface in AWS: I am able to ...
I have an ACP base policy from which my FTD devices inherit from See attached Pic) Is there a better way I can do this as I can't re-order the rules in the ACP policies that are inheriting these rules from the base policy. So Site A, B, C & D ACP al...
Resolved! Firepower IPS inspection
Is IPS a "Set it and forget it" type deal? Say I have 50 rules in my ACP and select balanced & security for every rule and on top of select a file & malware policy would this not kill the performance? What do you guys typically do to manage this? I...
I am trying to re-mage an SFR module on an ASA but when I do a system install via ftp, I get a permission denied error. I have ruled out the FTP server as the issue as I am able to FTP to a totally different set of firewalls so that should rule out t...
Resolved! ASA5516-x unable to set TLSv1.2
Hi all We have an ASA-5516X with the latest recommended version 9.16(2). I get the below error. I should be able to use TLS1.2 along with DTLSv1 no? ssl server-version tlsv1.2 ? configure mode commands/options:<cr>ssl server-version tlsv1.2 dtlsv1.2^...
Hi Team, Please share FPR 1140 upgradation ver 6.6.x to 7.0.2 step/guide
We have a HA pair of ASA 5508-X configured as active/standby and installed FirePower on each device. In FMC, we get the error "Interface 'DataplaneInterface0' is not receiving any packets" for the standby device as below. Do you have any other ap...
Resolved! FMC upgradation
Hi Team, Please share FMC upgradation step ver 6.6 to the latest one
Hello,I witnessed a strange behaviour in two of our eight Firepower Clusters.Affected are one FTD 2110 HA Cluster and one FTD 4110 HA Cluster all on 6.6.5.After a mayor power outage in our DC all Systems went down.(VXRAIL, Switches, Router, Firewalls...
Hello Experts Could someone tell me the difference between service resetinbound and resetoutbound? According to the command reference, resetinbound is for inbound traffic and resetoutbound is for outbound traffic. Then what does inbound traffic and o...
Hi Experts, I need some help from from you guys. Today I was doing packet capture on Cisco ASA and during the capture in my logs I saw SWE flag. Can anyone please let me know does it mean I also tried googling it but didn’t get accurate answers. ...
Hello Guys ,I have this problem with the FTD where I can't assign ip to the interface or deploy anything when i check the status its showing this can someone please explain what is this and how do i solve it? Do I need to update or what ?
Hi, I have to migrate from an ASA with a firepower module managed from an FMC, to a firepower managed from an FMC. My doubt arises with the migration tool, does it serve me to perform the migration of the ASA configurations, nothing else? because I u...
