Hello Cisco Team, Can anyboby done Application based Rate limiting in Cisco Firepower.As far as i know it is supported in Firepower 2100.But my Concern is do i need to install SSL in all my end point machines.if so then it is practically not possible...
Hi All.. ive setup with my 3rd party bank using NAT.for example.. if i want to hit their server, i would need SNAT from my side.if they want to hit my server, i would set for DNAT from my side. how about i want to hit their server and get hit by thei...
Hello, i hope you can help me,i have 26 remote sites connect to an ASA in Guatemala Downtown, in Guatemala DownTown live 2 subnets (10.150.86.64/27 and 10.150.71.160/24) i have ready the VPN from Remote Site and Guatemala DownTown, this connection it...
So I am just doing some testing on home lab. I have a bunch of ports under a group called web-ports (see attached). Internal PC is still being blocked from accessing the net and only works if I change from Web_Ports to all IP service. Any idea what o...
Hello I have an issue with NAT configuration packet-tracer input DMZ1 tcp 192.168.141.20 1212 192.168.140.20 445 Phase: 1Type: ROUTE-LOOKUPSubtype: inputResult: ALLOWConfig:Additional Information:in 192.168.140.0 255.255.255.0 insidePhase: 2Type: ACC...
We recently moved off our older ASA5510 hardware platform is favor of a 5506-X. After the upgrade we started noticing some extremely odd behavior on the 5506 forcing us back to the 5510. On the 5510 we routinely saw 500-1000 connections per-second...
I am in requirement of double NAT (Primary and Secondary) in Cisco ASA, I need to configure single public IP to 2 different Inside Local IP address, in any case primary IP address fails, ASA should nat public IP to secondary IP. How do I achieve this...
We have just received 18 ASA 5506 swap from the 42/82 RV's installed on our customers. Currently the role of the RV is to be the LAN gateway of the AP's, Loadbalancer, and VPN with the matrix of Oi for management.Now, as we know little about ASA5506,...
Hi, I've deployed an FTDv/NGFWv in an AWS VPC, changed the firewall mode to transparent, and registered it to an FMCv. I've attached two additional network interfaces to the FTDv in the same subnet "192.168.1.0/24". Now when I try to create a BVI...
Hi,Based in the following link: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos241/cli-guide/b_CLI_ConfigGuide_FXOS_241/interface_management.html#id_20107 in application management in FTD they have the following interface type:- Da...
Hi Everyone. I've been trying to setup a simple network which has 1 firewall, 1 switch and 2 PCs. Please see the attachment for the topology. My goal is that I want my PCs can ping 8.8.8.8 of the 'internet' switch (from my attachment). But for now,...
Greetings all, Want to ask the community if any native IOS-XE functionality exists to dynamically perform Geo-IP filtering on public Internet facing interfaces? Obviously you can do this with FirePower, but that is a next gen firewall that is design...
Hi, I need some help with Cisco ASA configuration. Basically I have one dummy switch used to feed my active/passive firewall. On that switch I have following configuration: ip subnet-zeroip routing!ip route 0.0.0.0 0.0.0.0 xx.xx.xx.113!vlan 101name i...
Let us assume i have a firepower sfr model running with older version5.3.X, now I want to upgrade that module to 6.2.xNow the question is, can i shutdown sfr and uninstall the existing version and upgrade the latest version ?Or I have to follow the u...
Hello, I attempted to migrate anyconnect from ASA to FTD. We currently authenticate users using certificates only. The certs are issue to domain machine via our internal PKI. I exported the pkcs for the public cert and enrolled in FMC and that worke...
.jpg "VIP Master"){kind=icon}
