Dear All, I'm trying to add Unifi Security Gateway to a Cisco ASA that is already configured, I want to have ASA as a second layer of security since the licenses of the URL filtering and malware protection have expired, so I want to add Unifi Securit...
Forum Posts
Hi, we are looking to find out what kernel the Cisco ASA 5506 is using, I have been trying to find out if there is a way to switch to standard linux shell commands via SSH without any luck. I've read that it might be based on Redhat, or at least for ...
Hello, We have a ha-pair 1120 FTD, where the active FTD shows disable on FMC. After logging in to the disabled FTD, we found a certificate error, and the time also shows wrong. So it was found out that somebody blocked the DNS and NTP and TCP port 8...
We attempted to migrate from our ASA 5515xs this morning to FTDs. Needless to say when we tried to access the internet it was not available. We used the Cisco Migration tool and all settings (NATs, ACLs, interface settings, static routes, etc. ) seem...
I have a Cisco with two LIVE interfaces. They aren't failover controlled. I can ping one of the interface from the outside, but not the other. Packet capture shows the incoming echo, but no reply on the interface not working. TCP/UDP traffic works fi...
Hi all, I am planning to add 10Gb network modules to a existing FP4110 devices (running container instances) and I have a question regarding the impact of the change. According to HA requirements for FTD, both FTDs should "have the same number and ty...
Hi, I have an FTD2140 running ASA 9.8(4)29 / FXOS 2.2(2.138) that I want to upgrade. According to the download site, 9.16(2) interim is the current gold star version. If I upload this package through FXOS, will the firewall reload into appliance m...
Hello,As i understand syslog id 111008-111010 can be used as an audit trail to record the changes in Firewalls...However, does an audit trail corresponds to policy change only ?Suppose a user runs "permit traffic same security intra-interface" can th...
Under vanilla IOS, is it possible to use both TCP flags (established, syn, rst, etc.) and service object groups? For example, I can create an ACL that only allows return traffic from established Telnet and SSH connections:ip access-list extended DEMO...
Dear Community,I read in a post online recently that in some instances pushing policy to your FTD's from the FMC may cause the Snort process to restart, potentially causing traffic disruption. I was wondering if the following actions may cause traffi...
Hello, I have a question about licensing. As I read, FMCv in Azure supports only smart licensing and the ASA with Firepower Services requires traditional licensing. So, am I able to manage the FirePower Service Module (in the ASA on premise) with the...
Hello,I am doing a migration from a multi context ASA to a single context FTD. Both contexts in the ASA had a lot of sub interfaces and I want to make sure we don’t leak any traffic between the interfaces previously belonging to the two context.Inste...
The basic Threat license on a Firepower 2110 is "L-FPR2110T-T-1Y". List price is US$2589.40 for one year. "L-FPR2110T-TMC-1Y" is for Threat, Malware and URL Filtering and list price is US$6602.97 for one year. Contrast that with a Firepower 1010: $14...
Hi,Why do I see two entries on the FTD Analysis page for each user, even though the users have authenticated and connected to the RA VPN? Thank you.
Hi All, The more I read about this topic, the more I get confused.I am pretty clear on the deployment modes, routed and transparent modes and how they work.Again, I clearly know how the interface modes work.The source of confusion is the combination ...
