The Firepower FDM DNS server settings only allow for one Data Interface and one Management Interface. My firepower will be connected to two separate LANs with separate domain controllers on separate data interfaces. How does the system know which ...
Forum Posts
Resolved! Adding public block IPs to ASA
Hi all, I've got some public IPs from our ISP 154.x.x.x/24. Also, I have one IP address 149.x.x.x/30 that binds me with ISP. 154.x.x.x/24 subnet should be used for web servers. I'm trying to implement this configuration in ASAv(9.15 version). My goal...
I have FTD 1010 installed and since day one the memory is high Now its 94%, and its always between 92%-94% CPU is 12% Any ideas
Hi, DCE2_EVENT__CO_FRAG_GT_MAX_XMIT_FRAG signature events are being generated, and when reviewing it we see that the detected traffic is on high ports, both in origin and destination. According to the rule the traffic it inspects is ICMP.Are we inter...
HiI have an SNMP server for monitoring and I want to allow outside interface devices to connect to the server, while I am creating static nat I get this error (ERROR: NAT unable to reserve ports).the used commands:ASA(config)# object network ZabbixAS...
Resolved! firewall throughput
Dears, I want to size a firewall, hence the customer told me that he has a video traffic in TBytes that he needs to transfer from MPLS link , but i need to size the firewall processing throughput how we can do that ?? the customer is not aware of co...
When I try to add sensor from FireSight, it pop-up a dialogue box "Could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection." I...
Hi Teams, Preprocessor(GID:122) are rule about portscan detection.These rules are disabled defaultly(Snort's base policyl:Maximum Detection also).So, for catch attacker's portscan, I have to enable these rules manually. Why are these rules disabled? ...
Hello, I am setting up my new FTD 2130, plan is to use user User certificate and AAA ( Cisco Duo ) for RA VPN.My CA infrastructure is running on Microsoft Servers, and I am having troubles finding information regarding certificate template and applic...
Hello, Today I was making a lab to test Cisco Clientless SSL VPN authentication by using certificates (Local CA) before a real deployment. Provisioned a standalone MS 2012R2 CA and a test client (win 7 ultimate SP1). On client I import the CA cert ...
hi all,I‘m looking for a firewall which should be used to act as layer3 gateway for ~15-20 vlans and segment traffic on layer3/4 between them! I‘m not 100% sure if it would make sense to use also IPS functionality for traffic which is most of the tim...
HI there I have some questions about firewalls, is cisco firepower capable of doing what is Fortiweb doing ? is the deep packet inspection is the same idea that used in Fortiweb ? or cisco doesn't have WAF, or even if it does can we say it is good a...
Problem: i can not ping lan PC to ASA outside interface(10.10.10.2)i can not ping ASA outside interface(10.10.10.2) to inside interface(192.168.25.254) or LAN PC.ciscoasa# sh running-config: Saved:: Serial Number: JMX1203L0NN: Hardware: ASA5520, 2048...
Hi,I´ve design related question about how a state-of-the-art security solution in a campus network should look like!Assuming that we use a hierachical network where should the Layer3 standard gateway for the clients should be set on? Should I use a L...
Hi All,Can someone tell me what is going on with my customer's ASA 5585? I was attempting to create an object NAT rule for an inside host, but the NAT section does not exist in the Add Network Object window. Also, "Add Object NAT" is not an option ...
