Hello, I am having a hard time finding Cisco's recommended or best-practice for this and so, maybe someone can help! We currently use an ASA with the Firepower service module. All traffic that is allowed on the ASA proceeds to be inspected by IPS. We...
Quick question please...CSR 1000v ACL syntax-- use wildcards or masks?Thank you.
I am using FTDv version 7.3 FDM to configure policy-based VPN using a Hub and Spoke topology in a lab environment. The spoke's VPN profile uses two different outside interfaces as it's source (outside1 & outside2). Each spoke dynamically pulls it's o...
I have a SG350 switch between a ESXi host and a PaloAlto firewall.I'm trying to use private-vlan but I cant get any traffic to work between them.Topology:ESXi - SG350 - Firewall(gateway)The configuration in short looks like this:ESXi;private vlan in ...
Hi All, We are facing an issue with the FPR 2130 network module 1G and 10G with version 7.2 onwards in FPR 2130We can see the network interfaces of FPR 2130 in built and Network module with version 7.0.4 but with version 7.2 onwards we can see only t...
Hello community, My client has around 30 FTDs which are managed by the same FMC. I want to upgrade FMC but, to do so FMC requires to deploy all pending FTDs, which in our case they are like 15 FTDs which at the moment are offline and I cannot deploy ...
For IPsec Site-to-Site VPN, is the Firepower 2100 running FTD code supported/recommended or should we stick with the ASA code running on the FP2100?
Have an ISPEC tunnel between an ASA and Router that will go down periodically and not be able to be brought back up and/or both sites can't reach each other unless the SAs are manually renegotiated on my end. Below is debug for platform/protocol 127 ...
Good Morning,Could someone please help me figure this out?I want hosts on 192.168.190.0 /24 (VLAN 10) to be able to have tcp communication with our screened subnet (VLAN 50) 172.20.33.0 /24 on certain ports, and blocking the rest with an ACL on the A...
We are working on migrating our Anyconnect VPN services from ASA to FTD and have been reading there is native load balancing available on the ASA but not sure if it's ready/available on FTD. Also, we have Kemp load balancers that are possibly availab...
We couldn't get SNORT updates, the error was Peer certificate cannot be authenticated with known CA certificatesI connected via ssh, opened an expert shell and started checking log files and I found a lot of thiscurl: (60) SSL certificate problem: un...
Hey gang:I'm updating my logging lists and would like to know if there is a list of syslog messages by event class (I found the list by severity level). If not, is there some way to identify the class by looking at the syslog message number?Thanks.
Hi, in the log messages for 302013, on outbound, is it possible to determine the source IP. Meaning who is the IP that initiates the connection? Or is the inbound/outbound indication + IP location in the message only indicating of the security levels...
Hi, I noticed something strange and wanted to share with the community and see if this someone has some info about this behavior. We have a daily Snort Rule Update set on the FMC ( probably not the best option - now I am thinking that weekly would be...
*This is branching from a previous post in a different section. After learning more I figured I'd ask the question in the correct section* Hi,I have a situation where these things happen, I'd try to describe it as thorough as I can.1: I can start a c...
| User | Count |
|---|---|
| 23 | |
| 11 | |
| 11 | |
| 9 | |
| 7 |
.jpg "VIP Expert"){kind=icon}
