Hello,I have taken over the job of managing the Cisco Firewall at a company. It seems that the last person has not been updating the firewall correctly.Under 'Security Intelligence' I am receiving a 'Cisco Intelligence Feed' and 'Cisco-Dns-and-Url-In...
Forum Posts
I am currently performing security audits on equipment, but I am unable to find any documentation about hmac-sha2. I am trying to determine which platforms support the following command:ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256 Currentl...
Do any of these topics sound familiar to you?FTD Upgrade failed, and I can't do anything on the firewall because there's a "staged" deployment that fails but Discard All won't clear it (such as VRT or VDB updates).For some reason, any attempt to Depl...
According to this document regarding Clustering: Deploying a Cluster for Firepower Threat Defense on the Firepower 4100/9300 - CiscoDeploying a Cluster for Firepower Threat Defense on the Firepower 4100/9300 - CiscoWhen you deploy a cluster on the Fi...
We have an ASA 5515-X running 9.2(4) firmware with AnyConnect users and site-to-site vpns configured. All works fine (including hairpinning to the site-to-site connections), but I have been asked to change the config so that AnyC users can access a ...
Hello World,I have to add 1800+ IPs to block on ASA 5516x and I was wondering if there is a fundamental difference between creating each 'object network <name>' and adding them to a group, vs creating the 'object-network Blacklist' group and then add...
Hello! Problem:When connecting users via VPN and using the ISE as a radius server, DACLs are applied.This generates a message to the ASA which is sent to the syslog server:%ASA-5-111008: User 'aaa-acl' executed the 'access-list #ACSACL#***' command. ...
Good day, community. I am in the process of migrating ASA to FTD, and I leveraged FirewPower Migration Tool to generate a migrated ACL on FMC but did not apply the migrated ACL to our FTD yet, since I need to make quite a few changes which I really h...
Hey I got my CCNA last year and want to start studying for CCNP Security and want to know what device I would need. I prefer to have physical device, but I'm not sure which one is best or what specs I would need. I would like input from some one with...
We are migrating from ASA to FTD, and we have a large number of L3 interfaces on ASA as servers' default gateway, so on FTD we need to keep them as sub-interfaces and group them into a small number of Zones. At GUI I configured Source -> Zone1.Subint...
Hello, Our wildcard certificate on our prod ASAs (VPN headends/gateways) will expire in a month or so. When reviewing the status of the wildcard cert in ASDM by going to Certificate Management\Identity Certificates, the "Expiry Date" shows that it w...
I am trying to test if our ssh parameters are correct on our cisco routers, and my coworker tried something I'm not sure is working : connect from router A to router B via ssh, and form there connect from router B to router A via ssh A -ssh-> B -ssh-...
Hi All, After upgrading to 7.0.1 and/or 7.1 our Cisco Firepower 1010 devices suddenly stopped forwarding packages on ports configured as switchports, routed ports works perfectly, and the ports that stops forwarding is random ports, and we have to sw...
The diagnostic interface is reachable over a VPN tunnel by our NMS server (can ping and ssh into it), but the firewall (ASA 5508X running FTD 7.0.1, managed mostly by CDO except for SNMP and DHCP relay (argh!!)) isn't responding to SNMPv3 queries - ...
It appears this particular firewall is not acknowledging the last rule prior to default action. Its the only firewall in our fleet ignoring that rule. I test all other firewalls and confirmed they are matching. I made sure the zones are applied to in...
