Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...
Forum Posts
I have two locations connected by dark fiber. At each site is a router with BGP to an ISP, the routers use iBGP between them, one is the default GW with HSRP. At each site is a 3120 with an FTD instance. Today I connected one between the inside inte...
Hello! We are experiencing an issue where, if one of the members of our firewall cluster, for example, the passive member, reboots, after the HA is restored, the active member loses the user identity information collected from the passive identity. I...
Hi, We are migrating Cisco ASA5555 to Cisco Firepower 2100 ASA, is it possible to transfer the license that we have on the ASA5555 to the new Cisco Firepower 2100 ASA? if it is, can you please share the Steps and Procedure on how we can do that. Than...
Running on a FP2130 with 9.18(4)34 but the same problem seems to occur on 9.18(4)40.I am trying to have a user belonging to multiple groups map to a single ldap attribute-map mapping the memberOf a group to IETF-Radius-Class for the group policy.The ...
Our FMC keeps throwing in the same VPN status event "VPN tunnell between FWA/peerip/subnetX and FWB/peerip/subnetY is inactive due to to Deleted backup session" Firstly any idea what a backup session refers to? If its a VPN SA, well I've checked the ...
Trying to follow DISA SRGs, and one of the requirements is to enable FIPS mode on our 2140 FTDs, managed by FMC. I am new to these so was doing some searching online and it sounds like CC compliance is what needs to be enabled.Am I correct in saying ...
We currently have ASAv deployed in Azure - Size Standard DS3 v2 (4 vcpus, 14 GiB memory). We are using an ASAv30 licence which will soon expire and we are considering purchasing another ASAv5 licence. However, I wonder if ASAv5 is limited to fewer vC...
I have a new instance on a 3120 with an inline pair, configured on a transparent FTD. It is a direct replacement for our Firepower 7125 appliance. We have a failover pair of ASA5555-X, one currently runs through a 7125 with an inline pair in front (...
Can anyone tell me how to get the rsa key file and the csr out of the FMC using WinSCP. I've seen so many video that show people using WinSCP to log into the FMC and get the .key and .csr file but they don't go into how WinSCP should be setup to get ...
Resolved! OpenSSH regreSSHion vulnerability in FMC
Hello. Do anyone knows if vulnerability CVE-2024-6387 affects Cisco Secure Firewall Management Center (FMC) VIRTUAL? I've been looking into the security advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-...
I'm trying to set up MAC filtering for a dpc3941b.In the dpc3941b MAC filter settings what is the difference between "Allow All" and "Allow"?Also, are there two different MAC lists, one for Allow and one for Deny?
I am currently doing initialization for FTD, but it seems cannot detect disk0, and it keep rebooting and eventually stuck at rommon mode. any idea how to fix it?
Please help. I have an ASA 5506-x connected to a 3750 swich. I cant ping 8.8.8.8 or anything external from the switch. I cant ping the other vlan subnets either ( the ASA has the route back to these). However, I can ping 8.8.8.8 and tracert successfu...
We have a Firepower 2130 that has all it's NAT rules/policies as being imported from our old ASA 5525. The ASA is still in production for a different purpose. While I can see the NAT rules on the Firepower, I can't edit them unless it's done on the ...
Host-A can ping firepower from inside to outside in range (10.10.10.0/25) but not in range of (10.10.10.128/25). If wild card 'ip route' at core-switch is set to follow (10.10.10.10.128/25) then Host-A can ping all ip's in that range. But all ip's in...
