Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...
Forum Posts
HII have a strange issue on my Firepower Management Center virtual.As shown attached picture, our FMC running software version 6.4.0.10He has a normal internet connection configured, and is registered with it's smartnet contract.I can install produc...
Resolved! Cisco ASA IPSEC VPN
Hi Do we have support for stateful failover of SITE to Site IPSEC tunnel on Multicontext mode.?I have pair of ASAs 5515-x with 9.8(2) i read the ASA Document...however still not clear. Guidelines for IPsec VPNsMulticontextContext Mode GuidelinesSupp...
Resolved! SFR license issue on FMC
Hi, would anyone please explain to me how to resolve unlicensed sfr devices issue?Issue: We have registered all premium features on the FMC with Cisco PLR license, then we added SFR modules to it expecting those will be licensed as well but still not...
Recently a particular DNS request is being dropped by the rule “MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt” and this is affecting our access to that external resource. We looked over that event packet i...
In the Access Control Policy, we have mainly 2 rules in order: rule #1: Name: whitelist certain connections; Source Network: 192.168.1.5; Dest Network: 10.10.0.5; Action: Allow ("Drop when Inline" disabled)rule #2: Name: threat inspection; Source Net...
We have Cisco ASA in "active-active" clusters , if there is a change of roles from master to slave (or vice versa) on any member of the cluster, there is a chance that the NAT pool ownership may not get transferred in the process. As a result, the ne...
Dear Community, We have implemented Firepower 2140 FTD's in a routed/inline fashion. We would like to begin enabling Inspection on some of our ACP rules (starting with the Outside -> In Rules). However, we only want the Intrusion Policy to "monitor" ...
hi expert. i am new at cisco asa. i tried to resolve my lab but fail. please help. at DMZ has a web and dns server. public user not access my web server. // julhas
I have a HA cluster of FTD (Active/Standby). On FMC, the monitoring is complaining failures in screenshot below for the Standby FTD. Everything is healthy on the Active primary FTD and FMC... I do not see any blockings or DNS issues...Any suggestions...
DNS based Security Intelligence blocks attempts to resolve black listed names in DNS requests.Does it also block DNS responses containing referalls to black listed names? For example, I try to resolve A (which is a white name).The response does not c...
Dear community members, a customer have to regenerate a S2S-Tunnel (IKEv1) on his ASA runneing a 9.X release but the IPsec Proposal is still missing (see attached ASDM screen dump).He has still an old ASCII configuration but he cannot find a IPsec Pr...
Resolved! 25 Compromise host-FTD/FMC
Hello Team,Getting Alarm for 25 Host compromised by SI system of FTD/FMC. Source of the hit is showing CNC.. which is already blocked by the policy.. Not sure then why compromised host is showing. This devices are not there in prefilter policy.. The...
I upgraded my ASAv to 9.15 and the rest api package to 7.15. However, authentication always fails even when accessing the /doc/ url on the asa. Any thoughts? If I roll back to 9.14/7.14 it works.
Hi. I am struggling with cisco packet tracer, i am a beginner in this field. I just build 3 vlans for my internal network that i want to connect to my firewall. I cant seem to connect it to the firewall. I just cant figure out how i should let the fi...
