Hello,As i understand syslog id 111008-111010 can be used as an audit trail to record the changes in Firewalls...However, does an audit trail corresponds to policy change only ?Suppose a user runs "permit traffic same security intra-interface" can th...
Forum Posts
Under vanilla IOS, is it possible to use both TCP flags (established, syn, rst, etc.) and service object groups? For example, I can create an ACL that only allows return traffic from established Telnet and SSH connections:ip access-list extended DEMO...
Dear Community,I read in a post online recently that in some instances pushing policy to your FTD's from the FMC may cause the Snort process to restart, potentially causing traffic disruption. I was wondering if the following actions may cause traffi...
Hello, I have a question about licensing. As I read, FMCv in Azure supports only smart licensing and the ASA with Firepower Services requires traditional licensing. So, am I able to manage the FirePower Service Module (in the ASA on premise) with the...
Hello,I am doing a migration from a multi context ASA to a single context FTD. Both contexts in the ASA had a lot of sub interfaces and I want to make sure we don’t leak any traffic between the interfaces previously belonging to the two context.Inste...
The basic Threat license on a Firepower 2110 is "L-FPR2110T-T-1Y". List price is US$2589.40 for one year. "L-FPR2110T-TMC-1Y" is for Threat, Malware and URL Filtering and list price is US$6602.97 for one year. Contrast that with a Firepower 1010: $14...
Hi,Why do I see two entries on the FTD Analysis page for each user, even though the users have authenticated and connected to the RA VPN? Thank you.
Hi All, The more I read about this topic, the more I get confused.I am pretty clear on the deployment modes, routed and transparent modes and how they work.Again, I clearly know how the interface modes work.The source of confusion is the combination ...
Resolved! Cisco ASA
I have a Cisco ASA 5516-X with a new interface that I am setting up for Cisco AnyConnect. I have gone through the AnyConnect VPN Wizard but I am not able to get to the IP address that I have configured (12.190.109.100) from outside but I can ping it ...
How do we mitigate the following vulnerability on our ASA. We have received this output from penetration testing.
Resolved! Firepower and FMC Upgrade
Hi All Have this model Model - Cisco Firepower 2130 Threat Defense Software ,6.2.3-83 VDB ,290.0 Rule Update - 2017-09-13-001-vrt (1) I would like upgrade to the the latest version. I do not have Support contract. So I would like to know the price f...
Resolved! Escalation for FDM on FTD
Hi Cisco I would like escalate to Cisco Technician. After few days of try to get things working with FDM to get Identity NAT Working. I have the a problem as my there seem to be handover problem on one of the legs for FTD. I have enclosed the confi...
Is it possible to block a device trying to connect via AnyConnect with the Cisco AV pair mdm-tlv=device-platform=apple-ios? I have created an AuthZ rule which denies Cisco·cisco-av-pair 'contains' apple-ios, but it never matches the rule.
Greetings to All, May i know is it possible if i want to upgrade Firewall Secondary (Passive) first with higher firmware compared to Firewall Primary (Active) still running with the lowest firmware? After completing the firmware upgrade, i will fail...
good day all looking to get our FMC to show more than 'No Authentication Required' in the 'Traffic by User' paneland also to be able to Apply 'Identity Policies' we have no ISE environment , and not really looking at the full-fledged setup either. s...
