Hi, DCE2_EVENT__CO_FRAG_GT_MAX_XMIT_FRAG signature events are being generated, and when reviewing it we see that the detected traffic is on high ports, both in origin and destination. According to the rule the traffic it inspects is ICMP.Are we inter...
Forum Posts
HiI have an SNMP server for monitoring and I want to allow outside interface devices to connect to the server, while I am creating static nat I get this error (ERROR: NAT unable to reserve ports).the used commands:ASA(config)# object network ZabbixAS...
Resolved! firewall throughput
Dears, I want to size a firewall, hence the customer told me that he has a video traffic in TBytes that he needs to transfer from MPLS link , but i need to size the firewall processing throughput how we can do that ?? the customer is not aware of co...
When I try to add sensor from FireSight, it pop-up a dialogue box "Could not establish a connection with sensor. Make sure the registration keys match, that the software versions are compatible, and that the network is not blocking the connection." I...
Hi Teams, Preprocessor(GID:122) are rule about portscan detection.These rules are disabled defaultly(Snort's base policyl:Maximum Detection also).So, for catch attacker's portscan, I have to enable these rules manually. Why are these rules disabled? ...
Hello, I am setting up my new FTD 2130, plan is to use user User certificate and AAA ( Cisco Duo ) for RA VPN.My CA infrastructure is running on Microsoft Servers, and I am having troubles finding information regarding certificate template and applic...
Hello, Today I was making a lab to test Cisco Clientless SSL VPN authentication by using certificates (Local CA) before a real deployment. Provisioned a standalone MS 2012R2 CA and a test client (win 7 ultimate SP1). On client I import the CA cert ...
hi all,I‘m looking for a firewall which should be used to act as layer3 gateway for ~15-20 vlans and segment traffic on layer3/4 between them! I‘m not 100% sure if it would make sense to use also IPS functionality for traffic which is most of the tim...
HI there I have some questions about firewalls, is cisco firepower capable of doing what is Fortiweb doing ? is the deep packet inspection is the same idea that used in Fortiweb ? or cisco doesn't have WAF, or even if it does can we say it is good a...
Problem: i can not ping lan PC to ASA outside interface(10.10.10.2)i can not ping ASA outside interface(10.10.10.2) to inside interface(192.168.25.254) or LAN PC.ciscoasa# sh running-config: Saved:: Serial Number: JMX1203L0NN: Hardware: ASA5520, 2048...
Hi,I´ve design related question about how a state-of-the-art security solution in a campus network should look like!Assuming that we use a hierachical network where should the Layer3 standard gateway for the clients should be set on? Should I use a L...
Hi All,Can someone tell me what is going on with my customer's ASA 5585? I was attempting to create an object NAT rule for an inside host, but the NAT section does not exist in the Add Network Object window. Also, "Add Object NAT" is not an option ...
Hello,I have a client that has been infected with malware. They use Cisco Umbrella and also have Cisco Firepower (no AMP license).It appears that the malware originated from a third party partner / contractor connection to my clients internal network...
We have a 5508 running the following software: "Cisco Adaptive Security Appliance Software Version 9.9(2)37"This is new to me, as the software configures like FTD - when you ssh in, you have to type "system support diagnostic-cli". I've never done th...
Hi,I have an 2130 FTD, with AnyConnect configured. The problem now is that, I can't protect the vpn ports with access control. I have a rule, but never hit any rule, and never show the hit of that rule Phase: 3Type: ACCESS-LISTSubtype:Result: ALLOWCo...
