Network Security

Resolved! Firepower 4110 Security Module/Engine Not Responding/Inaccessible

Hello,I am working on a regular update cycle with several Firepower 4110 / 2110 / 2140.I installed the update from 6.6.4 to 6.6.5 on up to eight HA Cluster but the last one failed.(so four identical Cluster with Firepower 4110 HA Cluster)So the firs...

FPR2110-ASA License

Hi All would anyone be able to point me in the right direction on what licenses i would need to cover the below FPR2110-ASA to work in HAFW + AVC + IPS functionality Many Thanks

Cisco FMC Scheduling - reoccurring tasks showing 'Not run yet'

I created three tasks on FMC (6.6.5). The 1st is a weekly software download that occurs on Saturday @ 12:00 Am. This is a 'Download Latest Update' and both Software & Vulnerability Database are selected. The 2nd is to install the latest Vulnerabil...

Resolved! License for FPR-1010 with ASA image (ver. 9.13)

Hello, I have purchased FirePower1010 with ASA image and now want to use Remote Access VPN, HA, and URL filtering feature. Now the license state is as follows. =====License mode: Smart LicensingLicensed features for this platform:Maximum Physical In...

Network Object Limit on Cisco FMC

So initially we deployed a pair of FTD's 4120's running 6.6.4.We ran into an problem with limits to groups size as we have more than 100 entries in some of our groups. We had to split the groups, ( each group had not more that 100 in each).Since upg...

Firepower FMC and Webex MS Teams Best Practice

Hi there, are there any best practices out there how to setup Firepower via FMC with Prefilter, QoS or Trust rules to bypass traffic for web conferencing (MS Teams and Webex)? We see audio issues and poor audio/video qualtiy when users are sitting in...

Resolved! Modify Default username 'admin' for Cisco Firepower

Is it possible to modify default username for Cisco Firepower devices specifically 'admin'.. i dont think it is but not sure. can i get a reference document for it ? i am being asked as part of Build Compliance to modify username of all default accou...

Resolved! Disable TCP Checksum verification in FDM

Hi, Is there any options to check and disable the TCP Checksum verification in FDM? I want to know about this in FDM. I have checked this option in the FMC network analysis policy.

ASA 5585-X, slow OSPF convergence after failover, 180 second

Hello everyone, We faced this issue more than year ago. Software version is ASA 9.12.4 or 9.6.4. We had few cases in Cisco (like 692054705) and in our local support partner. But it looks like nobody have real willing to do anything with this bug. Aft...

Help to create flexconfig to reset interface or reboot fp1010

I have my Firewall set as my outside device. It is using dhcp from my ISP Verizon to get its public ip. The problem is Verizon changes the ip and the firepower doesn't retry the Dora process to get another IP. Is there a way to create a flex config t...

Resolved! Reach static NAT mappings from inside

GreetingsI've been playing around with FDM and an FTD 7.0.1 and I'm having trouble understanding how to reach a NATed host from the inside network. It's a pretty basic setup with 192.168.1.0/24 as my inside network and 10.10.10.0/24 as an DMZ with so...

Cisco ASA with 9.12-4-xx: SSL Ciphers Custom changes back to medium

Cisco ASA 5512-x with 9.12-4-37 in a HA-config.I have seen this problem on ASA 5585-X with 9.12-xx-xx When I use this following command on my ASA, it works problem less:ssl cipher tlsv1.2 custom ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA...

Resolved! Firepower 1140 not passing traffic to internet

I am a problem with my Firepower 1140 using only the FDM. I am new to Firepower devices, I have static routes from my switch to the Firepower can ping both end points from the devices. But my switch cannot get to the internet I tried an auto NAT rule...

How to make rule policy source-ip or destination-ip with naming URL

Hi Everyone , I would like to know ASA firewall can make rule policy source-ip or destination-ip with naming URL or can define object group for URL example object network Ahost test.local access-list Test extended permit tcp host x.x.x.x object-grou...

ASA failover primary / secondary active/standby

Hello, My primary asa has become standby and the secondary has become active.How to get the primary back to active and vice versa?

Network Security

Forum Posts

Resolved! Firepower 4110 Security Module/Engine Not Responding/Inaccessible

FPR2110-ASA License

Cisco FMC Scheduling - reoccurring tasks showing 'Not run yet'

Resolved! License for FPR-1010 with ASA image (ver. 9.13)

Network Object Limit on Cisco FMC

Firepower FMC and Webex MS Teams Best Practice

Resolved! Modify Default username 'admin' for Cisco Firepower

Resolved! Disable TCP Checksum verification in FDM

ASA 5585-X, slow OSPF convergence after failover, 180 second

Help to create flexconfig to reset interface or reboot fp1010

Resolved! Reach static NAT mappings from inside

Cisco ASA with 9.12-4-xx: SSL Ciphers Custom changes back to medium

Resolved! Firepower 1140 not passing traffic to internet

How to make rule policy source-ip or destination-ip with naming URL

ASA failover primary / secondary active/standby

Model Migration - 4110 Native to 4225 Instance S2S VPN Configs

ASA upgrade procedure on Hyper-V

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

CISCO FIREWALL 3105

Default Action Block - Log

Remote Access: Realm "Discovered Identities" using SAML

FTD bandwidth

EIGRP authentication FlexConfig FDM