I have three c1000 switches in my environment that are returning the following finding on our internal vulnerability scans: Name:Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater) Severity:High CVE:CVE-2002-20001 Descri...
Forum Posts
Dear Folks, I have Cisco FPR-4112-NGFW running with Cisco ASA Image with multi context mode. My customer wants to move into FTD image. running with multi context mode?Can we run Multi context with FTD image on FPR-4112 platform? In FTD, Will Multi co...
Hi,I am charged with replacing our ASA 5525 with a Secure Firewall 3100. the current ASA is bloated with a lot of dated configuration. However I have managed to consolidate the NAT rules but there are still a lot. How do I copy/paste the NAT from ASA...
Hi all, I have an FTDv in Azure and traffic going towards the public IP is not being natted towards an internal server. I see the traffic hit it in the packet capture but no nat rules are applying and it is not being forwarded inside because of that:...
We've just setup 3105s in HA with a FMC When we failover the FW, and check the route table we cant see our default route on it. it takes over 20 seconds for the static route to be populated in the routing table. The outside interface is up and con...
Resolved! anyconnect vpn failed attempt logs
Hello,My firewall (cisco asa 5516X) is being hammered on with user accounts attempting to connect to my vpn via cisco anyconnect client.These are bad pword attempts and locking out these users. I have Microsoft MFA enabled for anyconnect connections,...
Resolved! SFP Down on FPR 4100
Am trying to configure the Cisco FPR 4112 box. So far Chassis management has been configured and am able to access and manage the box ok either via SSH or Firepower Chassis Manager. The connection to the box via the chassis management port is success...
Hi, On ASA we used "userPrincipalName" attribute as username for VPN as we wanted everybody use email address as "samaccountname" is too short for some users. How this can be achieved on FTD managed by FMC? (both version 7.4) Thanks
SPI Enabled or not in FTD My auditor ask the below points evidence, kindly check and pls help us1. Provide screenshot to show stateful inspection enabled on external firewalls in scope.2. Provide screenshot for anti-spoofing access list or similar se...
Threadname: PTHREAD-1756Rip:Version: 9.20(2)21Hardware: ASAv0x0000000000cb72c7 : snap_mini_dump+151 at ../infrastructure/finesse/snap.c:9020x0000000000cb73ff : snap_dump+95 at ../infrastructure/finesse/snap.c:25450x0000000000cbb11d : snap_handler+573...
Resolved! FTD Route based VPN Question
HiI am just configuring a RB VPN between our FTD and another ISP and I notice the option for backup VTI, does this allow me to add a different source VTI and a different remote Peer IP Address for resilience within the same RB VPN ?? if so how do i a...
Resolved! FTD ICMP question
HiTo allow icmp to traverse a site to site VPN between 3rd party and us is it just the same as allowing TCP/UDP or do I have to do something different? I have created a static uni-directional identity nat rule also the traffic is to be initiated from...
Could you tell me about the subject matter? Recently, we replaced the equipment from ASA5516-X to FPR1120-ASA-K9. In the previous ASA5516-X, the connection was ASDM to the IP (192.168.1.1) of the inside interface in the VPN connection state with An...
Hello, We have a pair of ASA-5555 in spare that we want to re-use these devices. One of the ASAs is no longer showing its Interface Card module. The other device which is the same model with the same modules is showing the module. Name: "module 1", D...
For those of you that have been patiently waiting - 7.4.1 is now live on Cisco.com This release enables the 7.4 feature set for all FTD Devices (excluding those already EoS) as well as delivering additional feature capabilities and a tonne of improv...
