Network Security

Resolved! CISCO ASA 5525-X: Unable to reach public IPs from inside

Hi,I have an inside network and a DMZ, I have some services on a server that are published internally and externally with the same address: example.test.com. For external connections I have set up a reverse proxy server in DMZ. example.test.com -> 17...

Bandwidth Limitation 100M Burstable 200M WAN Link using ISR4431

Hi Guys,I need your help on how to limit the bandwidth from 200Mbps to 100Mbps burstable to 200Mbps facing end customers interface? Is there any command on how to set this up? I tried the Class-Map with Policy map but when I'm in the pmap-c "police" ...

Test Case Security Features on FTD

HI,Pls suggest me how to to do the following tests in FTD (Case 1)Test Item -Detect Land AttackTest procedure /Reference - Same Source IP/port to destination IP/Port to be generated on the outside interfaceExpected result - Deny traffic should be sh...

FMC Depoyment

Hi, Can anyone please help me understand how often FTD gets deployed ? I am asking this question because in our environment I see deployment pending on few devices. Also I am seeing "applied policy is out of date" will this effect on FTD's ? Thanks...

FTD with asp-drop packet capture continues to run - can't stop

We had a previos TAC case open when the engineer created an asp-drop packet capture. It wasn't deleted, and we're having a problem today, so I decided to crank that up to see what packets may be dropped. Packets are flying across the screen, and I ca...

Unable to deploy Policies from Primary unit(FMC)

HI, I have Firepower (FTD) in HA managed through a standalone FMC, There is a peculiar issue, Whenever my Primary unit is active and I deploy , I get the error " Deployment failed due to communication Error", So I have to switch over to secondary u...

Resolved! Cisco ISE restore backup

Hello Guys!I have a question about Cisco ISE restore from backup file. I don't understand the option "include ADE-OS". In documentation I found: Option: include-adeosDescription: (Optional, applicable only for configuration backup) Enter this comman...

FMC- FTD (Primary Unit ) is not participating in HA.

Dear All,I have a standalone FMC managing 2 FTDs in HA, Recently I observed that Primary unit is showing disabled and secondary take on as active. During trouble shooting,It is found that I could not ping Manager(FMC) from primary unit [FTD]I could s...

[ASA5508] MEMPOOL_HEAPCACHE_0 2% free

Hi, Our monitoring is showing MEMPOOL_HEAPCACHE_0 2% freeCan anybody explain to me what it means and how i can fix the issue: sh verCisco Adaptive Security Appliance Software Version 9.8(4)25 Firepower Extensible Operating System Version 2.2(2.124) D...

ASA Punt-rate-limit multicast traffic

Our ASA [ver. 9.10(1)] does multicast routing and the source is directly connected on inside. Every once in awhile a multicast stream (group) does not get forwarded to the RP (outside) and is dropped (show mfib ), and stays dropped. Performing a clea...

Firepower HA Design

Hi all, i'm looking for some clarification. We have two firepower 1120 which we want to deploy in HA active/standby configuration.I have been reading up on my options around interface redundancy, and as far as I can tell we cannot operate with redun...

BGP Flapping between firepower and Nexus Switch

Hi, I have Firepower [FTD] in HA, Both the Firepower devices are connected to Nexus (93180 FX).I have configured BGP between Switches and and Firepower,While doing Firepower switchover or switch failover ( Shutting down on switch] , we observed that...

High Response in FTD Delay

HI,It's taking long time in active/standby FTD switchover,Is there any mechanism to minimize the fail-over time or is there any config required? Primary Unit to Secondary unit - it takes 5-6 seconds Secondary Unit to Primary unit - it takes 10-11 se...

Resolved! CDO and device certificate

Hello, I am trying to onboard an ASA device in CDO. I get the errorCertificate could not be retrieved for IPADDRESS:PORT To which certificate it refers to?How could I change it?

FMC/FTD object

Hi FMC/FTDI.m looking at creating an object for EOIP protocol (97)when I go to add new port object I select other tab and can see ETHERIP(97) is this correct and is it safe to do this, its to allow a capwap tunnel through. Thanks

Network Security

Forum Posts

Resolved! CISCO ASA 5525-X: Unable to reach public IPs from inside

Bandwidth Limitation 100M Burstable 200M WAN Link using ISR4431

Test Case Security Features on FTD

FMC Depoyment

FTD with asp-drop packet capture continues to run - can't stop

Unable to deploy Policies from Primary unit(FMC)

Resolved! Cisco ISE restore backup

FMC- FTD (Primary Unit ) is not participating in HA.

[ASA5508] MEMPOOL_HEAPCACHE_0 2% free

ASA Punt-rate-limit multicast traffic

Firepower HA Design

BGP Flapping between firepower and Nexus Switch

High Response in FTD Delay

Resolved! CDO and device certificate

FMC/FTD object

File and Malware Policy Not Logging File Events in FMC

ASA VPN Threat Detection - never shun an IP

FPR3130 multi-instance and chassis SNMP

CSCwn81217 - FXOS fault F1000413 ,need to clear the alert.

Announcing the releae of Firewall Migration Tool Version 7.7.0.1

Disable checking of SIP traffic on FTD via FMC

Fmc and ftd update order

Exporting NAT/ Devices objects from FMC (WEB Gui preferably)

cisco secure firewall migration tool offline mode

FTD PAYG licensing in AWS to enable AES256 Encryption