I do quite a few ASA to FTD migrations and many customers want a "Big Bang" approach. I am familiar with all the Migration tools that Cisco offer but they do have their limitations. The limitation for me is that I have a customer who has 200 static r...
Forum Posts
Hello,we have running asa 5525-X with firepower module. I have enable Portscan detection in IPS rule and I can see portscans from internal hosts to ip adresses in the wwwBut when I do a portscan from a host in the internet to a extenal ip on the outs...
Hi All,It's been a long time since I worked worked with the ASAs but having to replace a 5520 with a 5515. The customer current ASA is running version 9.1.(7)23 and the ASA 5515 doesn't support 9.1.7. and asdm 7.1.5From what I can see there is not a ...
I hvae a new FMC 6.6 VM and 2 new 4115 NGFWs. In determining whether to use high availability for FMC, what is the effect of a failed single instance FMC? The 6.6 FMC documentation only mentions you lose event data if you only have one FMC and it fai...
Hi All,Hoping to get some help, and possible advice.We have a ASA5585, running on our corporate network. As is the case with many organizations, we have a growing number of staff working from home. We have been experiencing dropout connections to our...
Hi everyone, I am trying to configure alarm for failover via SNMP, but cannot find the appropiate OID with which I can do this.I have similar configured for ASA-5525 with OID 1.3.6.1.4.1.9.9.147.1.2.1.1.1 and is working.But on the FTD I don't find th...
Hello,I currently have the following versions in my Firewall: ASA: 9.5(3)ASDM: 7.7(1)FirePOWER: 6.2.0-362 I need to upgrade the ASA version to 9.8(4) but I am having issues to understand if I need to upgrade anything else. If I check the ASA and Fire...
Resolved! Export - FirePOWER Policies
Hi, Can we export policies from FMC in pdf or csv format for audit purpose.I can export it in sfo format only.
Hi, I am enabling IPS poly with "Balance Security and Connectivity" in our production environment. This IPS enabling is not going to break anything in production environment right and will only generate intrusion events. Even it sees a malicious traf...
Hi all, Could somebody please advise how do I fix the below vulnerability issue as I couldn't find any solution for it. Is this vulnerability a concern? Vulnerability Description -------------------- An NTP control (mode 6) message with the UNSET...
How can I configure ISE admin access to authenticate from RSA (external identity source), but then authorize base on AD group membership? When I set the authentication to the RSA Server, it does not permit me to change the Admin Group setting to an A...
I have a multi context ASA with several subinterfaces ..due to an architectural change i need to migrate 3 of its subinterfaces of a context and the related traffic to a new FTD Firewall.. Is it possible to do selective Migration ? i only want to mig...
Hello, Is it possible to change the source address for the FTD appliance (managed by FMC) so that it sources from the inside address which is allowed over a s2s tunnel, rather than the public IP? If so, is there an example out there? I want to send s...
Hi,we are using a Firepower 2100 series in Version 6.4.0.6 and Anyconnect for RAS Client Login.So as users opens database connections to our Oracle Servers, they will get an automatic disconnect from ORACLE after, i think 15minutes not using the ORA...
