Network Security

Resolved! Load ASA software on NGFW Firewall

We recently ordered FPR1120-NGFW-K9 when we meant to order FPR1120-ASA-K9. I understand that the hardware is same; as such can we just load the ASA software into the device when we receive it and use that?

ASA to FTD Migration - QoS

Hello everyoneI'm trying to migrate a QoS configuration from cisco ASA 9.8.4 to FTD 6.6.1 (using FDM or FMC ).The issue is about the ACL for QoS match is using a time-range and that point is very important for the migration.1- In FMC I checked the Qo...

Resolved! FTD 2100 HA Pair

HiWe have a Pair of FTD 2100 in HA I have been tasked with breaking this HA pair as we are reverting to single device, i cant seem to find any decent documentation on this can anyone point me to this and also provide instructions on breaking the pair...

Resolved! cisco 5525 ver 9.8(2) how to enter a 4096bit ssh public key?

asa 5525 Version 9.8(2) We all have 4096 bit public keys. These apparently are too big for the character buffer (ERROR: Input line size exceeded available buffer (510 characters). in other cisco gear I've used "fold -b -w 72 ..."on the *nix box, ...

5506-X DSCP Filtering Capabilities

Hi there, I have been trying to implement DSCP filtering on a ASA 5506-X, using class maps. But have not been able to get it configured and working. It seems that the commands to do it are there, but looking at general DSCP filtering examples, I'm ...

Resolved! SSH Algorithm

Hello Our internal network security team has idntified Vulnerability regarding the SSH server within the catalyst switches.As per the Vulnerability team SSH is configured to allow MD5 and 96-bit MAC algorithms for client to server communication.These...

Firepower Access Rule L7 Usage

Do the Firepower appliances have the ability to show the L7 apps used by a rule similar to Palo Alto's Usage feature? From what I've found, the only way to see the app used by a rule is to check the event explorer and filter on the rule name. This us...

Resolved! Change nameif to another logical name

hi,i would need to change one of the ASA logical nameif in order to standardize it.i know i've done this before but was a very long time and couldn't remember whether changing the nameif will 'auto' update any related config: ACL group, routes, HTTP/...

Response Traffic is blocked by Firepower

Dears I have allowed to access a websever on HTTPS port onlythe problem is when a client tries to access HTTPS , firepower will allow client to access webserver and in event viewer will show ClientIP:sourceport to WebServer:443 allowed but the prob...

SSL Decryption Placement

Hi Guys,I am just wondering where is the best placement for a firewall doing an SSL decryption? If I have a multi-tier firewall in the network, tier-1 which is facing outside network will definitely needs SSL decryption but how about internal firewal...

Cisco Prime and ASA

Hi all, Possibly posted in the wrong place but after some advice please. We have Cisco Prime infrastructure 3.1 and we have added our ASA's to it (5555-x and 5585-x). I have read that these devices are supported but it does't say to what degree....

Redis behind FTD performance issue

I have number of servers with Redis Pipeline (redis.io/topics/pipelining) enabled. A FTD is managing routing access between servers like this:Redis client --->FTD--->Redis Servers192.168.2.10/24-->192.168.70.33/24192.168.2.10/24-->192.168.70.34/24192...

4110 FTD 6.4 - Active Standby HA ISSUE with upraging FXOS to From 2.6(1.174) to 2.8.(1.143)

I am about to uprade two FTD 4110 FXOS. The first upgrade has been succeced on the Secondary and then I tried do run the same steps on the primery FTD. I has been runing upgrade in more than 2 hours on the primery FTD now and I am soure that some thi...

802.1X EAP-TLS

Hello everyone, I am currently in the process of rolling out Dot1x in a small classified network. The network has the following: (12) Windows 10 Machines using native supplicant software(1) Cisco C9300 acting as the authenticator(1) Cisco ISE acting ...

Firepower blocks response data from initiator IP

Hello Dears Why does some traffic is blocked in firepower for example from 2.2.2.2:3344 to 10.1.1.10:443 is allowed while response back from 10.1.1.10:443 to 2.2.2.2:3344 I only allowed traffic from public (2.2.2.2) to reach 10.1.1.10 on port 443 ...

Network Security

Forum Posts

Resolved! Load ASA software on NGFW Firewall

ASA to FTD Migration - QoS

Resolved! FTD 2100 HA Pair

Resolved! cisco 5525 ver 9.8(2) how to enter a 4096bit ssh public key?

5506-X DSCP Filtering Capabilities

Resolved! SSH Algorithm

Firepower Access Rule L7 Usage

Resolved! Change nameif to another logical name

Response Traffic is blocked by Firepower

SSL Decryption Placement

Cisco Prime and ASA

Redis behind FTD performance issue

4110 FTD 6.4 - Active Standby HA ISSUE with upraging FXOS to From 2.6(1.174) to 2.8.(1.143)

802.1X EAP-TLS

Firepower blocks response data from initiator IP

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Cisco IPS & Symantec ATP CAS - Oracle Java

Question on S2S Tunnel to Azure using FTD or Azure Native S2S

Setting out TCP MSS on FTD only for non-ipsec endpoints

Cisco Stealthwatch ipfix exporter

FTD Configuration Resource Utilization

Emergency Reset Appliance

Cisco 2130 FPR Upgrade

FTD issue with Anyconnect authenticating via AD

Windows Directory Rule on FMC

VPN failing to come up following migration..