I might not be understanding the content of https://www.cisco.com/c/en/us/products/collateral/security/firewalls/bulletin-c25-743178.html, or maybe I'm overlooking something.The documented schedule seems to indicate that code revisions released in th...
Forum Posts
In the documentation, I can see a control-plane ACL will permit/deny traffic towards the ASA itself, which is typically control plane, will this extend to nat traffic towards the device? Edit: What would the security risks be if this was opened up ...
Resolved! host scan image
Where Can I download the hostscan-6.x.pkg on Cisco Download Section?
HI All, we are configuring the IP SLA on Cisco Router,we have two Internet links and one router.I am able to reachable the internet from my PC via 2nd ISP, when I unplug the 2nd ISP cables, now the Primary static route is not showing, and the primary...
Hi,I have a problem with ASA5506-X 9.8(2) since I cannot create L2TP VPN to ASA5506-X through ASDM. After completing the wizard I am getting an error that NAT is not complete.I remember from old ASA5505 that there was easy to create NAT exempt rule. ...
The Cisco Secure Design team wants to better understand how you and your team think about your organization's IT and security needs- especially how your team plans to achieve user protection. If you’d like to be considered for this research, please t...
We are using CISCO Firepower Management Center for VMWare with software version 6.1.0.3 (build 57) and Software Version 6.2.3.14 (build 41). During our VAPT assessment it’s been detected that this use weak cipher and TLS. I did login via web browser...
Hi. I dont know what is happen with this behavior. I have a public service exposed to internet from my DMZ, and when i ran a Nmap to see what ports is open, i see RDP and that is not allowed on my company. Doing some test, created a rule on top of ev...
Hi,After restarting a FTDv in Azure the device constantly cycles through the initial setup script, see output below.Has anyone encountered this/able to offer any advice on the fix? FTDv-FW login: adminPassword:Last login: Wed Feb 14 20:34:32...
hi.i have a strange problem.i have Redundant ASA5510 setup (active/passive)users have been using IPsec and SSL vpn for a long time without any problem.now some users want to be able to access bookmarks and company data through the Web portal.i have e...
Hi, I'm getting an error about expired certificate from FXOS: #show fault Major F0853 2018-06-02T13:06:08.798 126445 default Keyring's certificate is invalid, reason: expired. If checking further: #scope security #show keyring default ... Signature...
Hi,We are trying to create a rule to allow outbound sftp, ssh & sql traffic based on URL/hostname but we are not getting any luck. We are seeing the traffic but it is being captured as Application and IP address without any url/hostname information....
Hi,We have a FTD version 2110; we need to replace it with a newer FTD version 2140;I wonder if you can share any tips or info on proper process upgrade/replace old version of FTD appliances with new FTD appliances?The goal is to make transition as sm...
Resolved! SFR sensor upgrade fails readiness check
Hey all, 3 ASA 5516-X with sfr modules running 7.0.4 on ASA 9.16(4) with vFMC running 7.0.5 on ESXi 7.0.x latest build. When attempting to deploy the 7.0.5 upgrade patch to the sfr modules, they all fail the readiness test with the following error: R...
hi,i have 2 private IP that would need to configure to a NAT pool of /29 public IP.can someone confirm if below config is correct?do i need to add the "flat" keyword to "PAT" using 1024-65535 dynamic ephemeral ports or this is automatic?will both pri...
