Hello! We are preparing to install a 2110 FTD 6.2.2 High Availability pair (managed by an FPMC). 1. Is it possible to use a wildcard certificate? 2. If not, is it possible to use SANs? Each FTD has to have its own unique name, such as ftd1.<dom...
Forum Posts
I am planning on upgrading my trusty 5506-X to a 5508-X and I would like to know if I can expect an interface performance improvement for the on device management option in ASDM. The 5506-X is quite slow, and I have gotten used to it, but if I am goi...
We have the rquirement from our management to use a four eyes principle (Admin1 makes a rule change, Admin2 has to approve in order for it to be deployed) so mistakes like one admin brings down the whole company with one misconfiguration can be avoid...
Hi All, I have recently built an ISE 2.7 instance and I am trying to configure TACACS authorization based on the Group the user belongs to. I can do this with an AD (External Identity Store). But when I try to do the same with Internal users and grou...
Hello,When using SAML for authentication on Cisco FTD and authorize only for secondary the username is masked out by the assertion token. Are there any attributes in the SAML token that can be used for authorization? Say, if I wanted to switch tunn...
Dear Community, I had a couple questions regarding the Security Intelligence piece of the Access Control Policy: 1) Is there a way to drill down into the Network and URL Feed Objects to see what IP's and URLs are actually contained within? For exampl...
While I was configuring my ASA 5506-X NGFW , the management IP address has reset suddenly and am unable to use the management web interface to configure the firewall. I tried to set the ip address using the command configure network ipv4 manual 10.30...
Resolved! Hide a subnet to another subnet - NAT
Hi An easy question for the experienced Cisco Community. I'm configuring an ASA5506 for a simple task. Yes, I know - it's old, but that's what I got right now. I need to isolate an IoT-subnet inside my LAN and I figured that the best way to do it, is...
Hello, I wish to update my ISR 4331's Snort virtual container using the community signature package. I understand the IOS commands to "configuring signature update from a local server", but I am not sure how to create the web page to post the signatu...
Resolved! FMC Firepower management interface
Hello, On an FMC 4000, is it a requirement to use the copper managment interface or is it possible to use a fiber interface as management? If so, how is that accomplished?
Resolved! Firepower Access Control Rule Inspection
Dear Community, I am wondering if there are any best practices when it to enabling the intrusion/file inspection on the Access Control Rules. Is it a good idea to enable the inspection on all rules or just certain ones? What are some guidelines/best ...
We want to implement a Cisco Firepower Thread Defense 1150 HA pair and are looking at the opions of adjusting the block page. The documenation is very thin about this topic. We now use a proxy server, that has limited adjustabilities of block pages a...
Could you please guide me to get the Visio stencil for - FPR1140-NGFW-K9 Cisco Firepower 1140 NGFW 1U Appliance.
Hi, When FMC active goes down,the standby do not become active. any solution for this issue.
We plan to deploy two firepower2130 and one vFMC. Since all devices are located in the restricted network, there is no internet access and no proxy Internet service. Can I use the classic license method to activate the device,or the features...
