Hi Experts,I am running a VPN headend with FDM on ASA 5516-X box. FDM is the customer preferred choice as it has GUI and he is not interested in going back to ASA image. Recently we had an email from customer after having a vulnerability assessment d...
Forum Posts
Upgraded FTD code on SM-44 inside a 9300 to 6.6.5.1 from 6.6.1. FXOS version is 2.8.1.143. After FTD upgrade and placing interfaces back inline, we instantly experienced large packet loss going south to north and vice versa through all interfaces o...
Hello Engineers, I am using DHCPD from the Firepower (2110, ver:6.2.3.16) for the Guest network users. - Guest DHCP Pool: 192.168.1.0/24so far, all of dhcp binding has automatic. However, I would like to make static IP-Mac address for some reasons. O...
Resolved! 3850 Object-group
I'm working on end-to-end QoS and there are a lot of IP addresses when it comes to 365. I would like to use object-groups so the ACLs are not so long and it seems they are supported on the 3850s however, none of the commands work when trying to creat...
I try to migrate ASA 5555-X with 9.14(3) to Firepower 2130 with ASA image. Is best to do more system:running configue and copy and paste the config to the new firewall or better to do backup and restore from the ASDM?I'm worry that if doing copy and...
Hi, just started hearing about CVE-2022-22963 "Remote code execution in Spring Cloud Function by malicious Spring Expression" (https://tanzu.vmware.com/security/cve-2022-22963). Has Cisco made any statement regarding which products are affected and w...
Hi,Anyone else come across this issue? I've not found it detailed anywhere. We're on 6.6.5.1 (build 15) is it fixed it later builds?When POSTing an ICMP object in the FMC if you use a blank string in the icmpCode field it breaks the API. A GET reques...
So I'm new to FMC and I'm trying to get a grip on how things work. I have an intrusion alert that keeps coming up. "HI_CLIENT_DOUBLE_DECODE (119:2:1)"Problem is, it keeps alerting on non-malicious traffic (all internal traffic). How do I turn off thi...
Resolved! Vulnerability in router C2921
Hi We have a router C2921. When tenable scan vulnerability, we got the following info. Not sure if its vpn configuration issue. Anyone can provide suggestions to resolve it? Thank you of a VPN gateway and gain unauthorized access to private networks....
We recently updated FMC and our FTD's to code 7.x. Are we able to build rules using MAC addresses yet?
Resolved! FTDv evaluation in FMC
Hi community,Is it possible to force FTD virtual that's managed over FMC be in evaluation mode or consume evaluation license from CSSM On-prem while other FTDs managed over FMC are running and consuming threat / url / malware licenses already? Thank...
We had a Cisco ASAV Standard Package virtual appliance installed in our AWS environment and there does not seem to be any available way to obtain the latest software OS to update the OS/firmware. It requires you to have access via Cisco.com to downl...
Resolved! ASA-AWS firmware version upgrade
How can I upgrade the firmware version of an ASAv running in AWS? I don't want to rebuild a new instance from scratch. So, is there a way to proceed with a simple upgrade CURRENT RUNNING VERSION = 9.6.2.1AWS AMI LATEST VERSION = 9.9.1.2 We have a...
Hi,I have two separate local network (old and new) and I put Cisco Asa between them. "New" network is inside network and "Old" network is outside network and I allow access for all subnet from new to old.Now, I want allow access from one host from ou...
Resolved! Allowing Ports to a host in cisco asa
Newbie question, please help.access-list OUTSIDE extended permit tcp any host 10.1.1.5 eq www This command will allow outside host to access internal host with the corresponding ip using the port 80, is that correct? Thanks in advance.
