I would like to monitor the FTD via SNMP on the FTD subinterface. My monitoring system is coming from outside, and should be polling the inside interface.However, such traffic is not possible. I have read that it is not possible to communicate with t...
Hi. I believe it's a simple topic which has not been explained very clearly. I read about Tunnel & Prefilter rules on Cisco website and even on the books, but none of them was clear enough. So, Would u ask my questions here? 1. supposing we have n...
Hi colleagues, I've encountered the following situation - the system shows the following warning messages for rules in ACpolicy:Our scheme in general.We have an FMCv is deployed in the DC, which controls 2 FTD devices (FPR 3140). An Identity Policy...
Hello,in ASA Version 9.20(3)7 we tested the new threat-detection servicehttps://www.cisco.com/c/en/us/support/docs/security/secure-firewall-asa/222315-configure-threat-detection-services-for.htmlthreat-detection service invalid-vpn-accessthreat-detec...
Simple scenario, one FMC managing two pairs of firewalls in HA. To repeat there is one FMC and no plan to deploy another for redundancy. If FMC was to completely fail, I'm guessing the firewalls keep working with the last pushed FMC config. If I need...
Hi Team,I would like to know if there is a way to change the FCM syslog port.In Web interface there is no option available.Is there a way to change it via cli?
HelloWe have a lot of clients getting the following error when contacting diffrent sites: ERR_SSL_PROTOCOL_ERROR, we have read that SonicWall and Palo Alto also have these problemes. Solution is to turn off "TLS 1.3 Hybridized Kyber Support" in chro...
Hello everybody, our customer has a ASAv runnig rel. 9.16(1)28. Our monitoring has send an error message that an expiredidentity certificate (see screen dump attached) is still in the configuration. I tried to delete it from the interfaces within the...
Hey all, I'm migrating from an ASA to FTD (managed by FMC). In the current ASA deployment, we have lots of VPN users that connect to a single tunnel-group and authenticate using local user credentials configured on the ASA. Now for the magic....based...
While accessing FTD using PUTTY, I am landing on expert mode directly and not on CLISH mode.I tried ctrl+c or exit command to get out of expert mode but it did not work for me. It kicked me out of SSH session.Can anyone suggest if you have faced simi...
Hi,I have Anyconnect VPN setup with SAML authentication. I have to renew Anyconnect cert. Does a new Certificate change SAML metadata? Do I need to update anything on SAML side or this information (metadata) remains same even after cert upgrade. Plea...
Hello EveryoneI have two Firepower 2110 in my network ACTIVE/STANDBY, and it's run in mode: multiple. My question here how many Contexts still I can add, because every FW show me different number, FW1/admin# show context countTotal active Security...
Hi,I am looking to use flex configuration to push a subnet traffic down a 3 VTI tunnels in ECMP.I am wanting the traffic to be load balanced or round robin. How is this achievable if each VTI has a different tunnel IP.
I'm starting to set up some new servers in a Data Center using a Firepower 1140 (FTD) configured via Cloud FMC.The servers are connected to some L3 switches which in turn connect to the Firepower via Port Channels. I have 3 port channels configured, ...
Hello,I planed to upgrade the ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 64MB which met the minimum requirement to upgrade it, I installed the image asa721-k8.bin successfully but once I issued the command (boot sy...
