Hello, I need a guide here. What is the best practice and the correct way to implement Firepower Policies/rues? We currently have the Firepower in production with no policies in place (all traffic passes through the Firewall without any inspection). ...
Forum Posts
hi guys,slight confusion on Cisco NGIPS high availability and clustering.My devices are Firepower 4125 with fxos and planning to run FTD on it.Total 4 devices - 2 in DC and 2 in DRCan i do Active-Passive failover with devicessome documentations menti...
Resolved! ASA standby IP on Tunnel interface
Hello. We are using route based VPN with IKEv2 on VTI interfaces on Cisco ASA, netmask is /30. Now we are planning on to migrate to Active/Failover cluster. Is it necessary to create a standby ip on a Tunnel interface or it will work fine without it?...
Hi, I would need some assistance on how to configure 2 outside interface. Each ISP (outside) interface have /28 IP Address and the other one is /30 IP Address. My intention is to put the servers behind the FW so each ISP is related to one of the insi...
Hello, We opened new branch ( A ) and successfully established site to site vpn tunnel with head office ( HO ).Head office ( IMI - HO ) already has site to site vpn connection with another datacenter which host application IFS.Problem is, In new bra...
Hi,I am having a firepower 2140 appliance which is running on ASA OS 9.x. Can I add a URL filtering capability to it. What would be the pre-requisites and licence required for the same. Note: We do not have FMC and we manage the device over CLI as of...
Delete this plz,Delete this plz,Delete this plz
ASA access to website via wan but not thru tunnel?Hello,We have an ASA that allows us to access a webserver (nat) when connecting to it on the wan (outside). We also have a pptp tunnel that goes thru the asa and terminates on another device on the in...
Hi Everyone, I have scoured the web and have nearly mirrored the setup as outlined here:https://community.cisco.com/t5/firepower/firepower-publish-internal-webserver/td-p/3672845 While following the guidelines for CISCO NAT rules. NAT works as expect...
Hello, We have an ASA that allows us to access a webserver (nat) when connecting to it on the wan (outside). We also have a pptp tunnel that goes thru the asa and terminates on another device on the inside. The pptp is NOT on the asa. When a pptp cli...
Hello, so I have one subnet(point to point /30) that I use to connect to ISP with,and I have another subnet of valid IP addresses that ISP uses this(p2p) link to forward it to me,so I wanna use one of those ip addresses for my Anyconnect client not t...
Hello Community Friends Please assist i Cisco Firewall FPR 1120 and ever since i put on the network my outgoing emails from Exchange Server 2013 are taking long to be sent out, often queuing at times up to 9 mins. I also have an office 365 protection...
I have these 2 dynamic statements for primary outside ISP and secondary as backupisp object network obj_anysubnet 0.0.0.0 0.0.0.0nat (any,outside) dynamic interface object network obj_any2subnet 0.0.0.0 0.0.0.0nat (any,backupisp) dynamic interface Pr...
I have a request to open access to Azure Files via my FTD2130. Running into a couple issues. 1st, URL-based rules don't work with ports other than 80/443 - this has long been a hangup, and was confirmed by TAC, which makes for a quite crippled system...
Hi all Can anyone tell me what the roadmap is for the ASA and Firepower devices, why are Cisco still running 2 overlapping platforms? will the ASA soon go? Also are most people moving the ASA from ASA code to the FTD code ? cheers
