Network Security

FTD HA with pair of ASR1002

Hello,I 'm trying to work out the configuration to provide HA (Active/Standby) between two FTDs running on two FPR4120 to a pair of ASR1002 routers. Each router has a link to each of the FPR4120s. The FTDs are running as routed. EIGRP is will be r...

Resolved! FirePOWER Updates

From the FMC / System / Updates - For Sensor patches and also FMC patches, do I need to install them one at a time or can I install the latest one only which will cover all patches beforehand? E.G Lets us assume that for a sensor I have available - 6...

Resolved! Sending ASA logs to Multiple Syslog Servers with different Severity levels

Hi,I have ASA 5555-X running IOS Version 9.12(3)12. I have 2 Syslog servers. I want to send debug messages to one of the servers but only specific messages to the second server as it has limited capacity. Does anyone have an idea on how should i filt...

VPN configuration on Cisco router 2911

Hi I have Cisco 2911 and iOS version 15.0(1)m7Site A and B. Both side site public IP is dynamic. I would like to know is it possible to configure VPN between them. If it's possible please explain what kind of vpn is suitable.Thank you

cisco ios router self-signed certificate warning pop-up on anyconnect VPN client

Hi, Is it possible to download self-signed certificate from cisco IOS router to update on a computer.We are trying to stop warning messages pop-up while connecting to anyconnect VPN client.

TLS 1.0 suites in server-preferred order - ssl encryption

Hi,ASA Software Version 9.1(7)23Cisco ASA 5520We ran a test for our VPN firewall on Qualys website and it showed some week configuration points. i.e. TLS1.2 is not enable TLS1.0 is enable. I understand TLS1.2 is not supported in this version.Under t...

Resolved! Inbound NAT issue with PBR on ASA

I have an ASA (9.6.3) with two interfaces connected to the Internet. The ASA default route is pointing to ISP A and I have PAT and NAT using ISP A working fine. I have a route-map using PBR that sets default next hop for certain clients to ISP B. ...

ASA "icmp" question.

Hi Experts,CLI Reference for "icmp" command states "The icmp command controls ICMP traffic that terminates on any ASA interface." As I read it, this is filtering on ingress (ie. incoming ICMP message).But this example in same document throws me off:T...

Firepower MFA Client Certificate

Hi all, My org is looking to implement a per-device or per-user client certificate to accompany uname/pw authentication in AnyConnect. Is it possible to do this in Firepower Management Center? We are interested in preventing our security from being c...

Firepower URL / APP filtering

Hi,Has anyone had any issues with these rules allowing traffic they shouldn't be ? We've had this twice that we know of. The first time around someone added a rule that wasn't specific enough and didn't enable logging so there were lessons learned ...

ASA Captive Portal Certificate

My users are not very PC savy so when Firepower redirects them to the captive portal, sometimes they do not click continue to proceed to the portal (since its a untrusted https site), so i want to apply a internal trusted cert to it so it takes them ...

IP Source Guard & Multiple Routers

Greetings!I am currently working on securing a small business network. We have 2 RV340 routers connected together. Router 1 (R1) is connected to the modem and Router 2 (R2) is connected to R1's LAN port from R2's WAN port. The intent is to have R1 co...

Problem with PPPOE link on ASA 5506-X

Hello folks,we have 20+ branches for one of our customers connected to our DC via L2L IPSEC tunnels. one of their newly open branches was installed with ASA 5506-X as FW with two internet connection links. I have configured PPPOE for one of interne...

Resolved! Determine or verify hotfix version Firepower Threat Defense FTD

Hi!We have a firewall installed with the 6.5 track.Exact FTD version is 6.5.0.4FMC version is 6.5.0.4-57I have patched with hotfix "Cisco_FTD_Hotfix_H-6.5.0.5-2"FMC reports successful installation of hotfix, but in GUI it still says 6.5.0.4.When I ch...

Local Time issue in cisco asa firepower module

Dears,In cisco asa firepower module's show time output, two times are shown. 1. UTC - Thu May 21 03:24:29 UTC 20202. Localtime - Thu May 21 08:54:34 IST 2020 My queries-Our external syslog server is receiving logs from this module with time stamp men...

Network Security

Forum Posts

FTD HA with pair of ASR1002

Resolved! FirePOWER Updates

Resolved! Sending ASA logs to Multiple Syslog Servers with different Severity levels

VPN configuration on Cisco router 2911

cisco ios router self-signed certificate warning pop-up on anyconnect VPN client

TLS 1.0 suites in server-preferred order - ssl encryption

Resolved! Inbound NAT issue with PBR on ASA

ASA "icmp" question.

Firepower MFA Client Certificate

Firepower URL / APP filtering

ASA Captive Portal Certificate

IP Source Guard & Multiple Routers

Problem with PPPOE link on ASA 5506-X

Resolved! Determine or verify hotfix version Firepower Threat Defense FTD

Local Time issue in cisco asa firepower module

ASA upgrade procedure on Hyper-V

Announcing the release of Firewall Migration Tool Version 7.7.10

CSCvx25052 - DOC: FTD Syslog messages 43000x missing from FMC

FMC API to get real time VPN/S2S tunnel and CPU/Memory perf metrics

Firepower 2130 -how to resolve plugin 70658 SSH Server CBC Mode Cipher

EIGRP authentication FlexConfig FDM

Issue with FPR-1150 CDO License and 90-Day Log Retention

FTD FMC managed back up to FTD FDR managed

Cdo manage Ftd

Cisco ASA 5525 Migration to FPR-1140