Hi,We have FTDs mgmt by FMC version 7.0.1. We are using certificate authentication on RA VPN configuration. Indentity Certificate signed by our local CA has been expired, we have installed a new indentity certificate. Have refreshed the cert status o...
Forum Posts
HiI am configuring an ASA device. I am noting the NAT is not working and the PRIVATE deivce can not reach the destination/gateway(192.168.237.65&192.168.237.129). Can someone help to check the config?interface GigabitEthernet0/1no nameifno security-l...
Hi everyone, have a nice dayI have a big network with multiple cisco routers, switches(IOSXE, IOSXR), and NX, I found in the ARP table multiple IP addresses with the same mac address, I try to track the mac address but the port for this mac return me...
I have two ASA5555X running version 9.631, about 2 months ago the active asa started refusing ssh in all the interfaces, after the restart I can ssh again, then a couple of days or less no ssh again.then the primary (active) started failing gradually...
Hello,I am trying to force some users to send traffic to specific wan interface.Created a ACL:ALLOW inside_zone specific_users ---> outside_zone interface_WAN3 in NATdynamic NAT from inside to outside WAN3 interface. But when i try to see from users ...
While attempting an FMC upgrade the upgrade failed with the following message in the CLI: The Cisco 6.6.5 upgrade has halted, status: [48%] Fatal error: Error running script 800_post/021_reinstall_sru.sh. For more details see /var/log/sf/Cisco_Firep...
Hi all,Though someone might be able to give me some better understanding about CDO features. I thought to be impressed by CDO but during testing my "whoa" effect has not arrived (yet) about CDO and it's potential.... Maybe just in points:Is there a w...
Hello everybody, I have to upgrade a Firepower 2110 running an ASA OS from 9.12.4.37 to 9.18.1. I went to the FXOS level and copied the OS to the flash: de-nm-fw-ext-02/sec/act# connect fxos firepower-2110# scope firmware firepower-2110 /firmware #...
Hello EveryoneI am trying to block websites at a specific time, and for that, I thought of using time-based ACL with regular expression with MPF config. Can someone please tell me if I can combine both and achieve my goal? Thanks.
I have a pair of 1140 in HA running FTD 7.0.1.1 - The FMC is also running 7.0.1.1. They are fairly simple configured (12 ACP rules), but I keep getting warnings says "Deployed configurations are too large" The alert details shows this:Memory Allocat...
Hi All. Is it possible to use a firepower firewall to grant time based access to a management network from an administrative network.I would like to use 2 factor validation for the session. /Arne Larsen
I am running multiple NGFWv in our AWS environment from the marketplace. When trying to setup the EC2 instance for the firewall image and if I selected to encrypt the ebs volume with default aws/ebs key then the appliance does not respond on boot up....
Hi All,We have a Cisco Network Analysis Module [Prime NAM] Version : 6.4(2) This NAM has been patched with latest version of NAM already . However our Qualys reports shows that it is affected by the below vulnerability .QID-82054 (TCP Sequence Number...
Resolved! not allow traceroute in asa
how to config asa in order to not allow traceroute to asa outside interface?
Hello, We have a Cisco ASA 5508-x with SFR module in our company. The FMC's software version is 6.3.0 and the SFR module is 6.2.0.5. I know that updating the FMC to 6.6.1 is quite easy through the web interface but my real challenge is updating the S...
