Network Security

De-register Firepower module from FMC and manage locally?

Should FMC become unavailable (say ESX has multiple failures), is it possible to deregister Firepower modules from FMC and manage them locally for the duration of the outage? What would be the implication of doing this? Once ESX is up and running, w...

FMC in VMWARE and SRM

We have a Firesignt Management Center in VMWare managing Firepower modules at two DCs. It looks like the original plan was to have a second one, and use HA - but this isn't available in VM. If the DC failed that currently houses FMC, then the ser...

Cisco ASA firewall or Firepower Appliance - IKEv2 RFC 5996 Compliance

Hello Everyone, I am trying to evaluate Cisco ASA firewalls for a client and struggling to test. End client is using strongswan vpn client which supports RFC 5996 feature of cached certificate or HASH_AND_URL. However I am not sure if this is suppo...

ASA Standby active websites down

Hi All , I have a pair of Cisco ASA 5525-X, in HA. The have 9 context's on them. when in active on the primary everything works fine but when I do no failover active, ie the standby then becomes active, one of the contexts websites stop working. ...

ASA Syslog load balancing

Is it possible to direct different Event Lists to different syslog servers? My goal is to send specific messages, like 305011 to one syslog server, and all others to a different syslog server. Is that possible? ASA-5585X, 9.6(4)3. Thanks!

ASA Failover 5510/5510sc

Hi community, please help with following question. I have a 5510 ASA in standalone mode, but going to change it to failover. I have another ASA, but with security context support, ASA 5510sc. Is this a restriction for failover connectivity? As I ca...

Firepower FMC and FTD causing ESXi server fail

Hi all, I am running FMC and FTD on ESXi server and every time the FMC boot up and I try to login, I loose Vsphere client connectivity and SSH to ESXi server. I can ping FMC and FTD and ESXI host but no remote connectivity. Any idea? has anyone ...

Resolved! updating asa964-3-lfbff-k8.SPA disables port on 5508-X (two reboots to fix)

Have a new 5508-X clusters running the first code update (asa963-9-lfbff-k8.SPA) that addressed the 1st webvpn security bug. Did in-place update, copy code etc to standby, copy to active, make config changes on active, reboot standby. Make stand...

Resolved! ACS 5.3 to 5.6 Upgrade Procedure

Can anyone tell me about ACS upgrade procedure from 5.3 to 5.6 . which Available Patches we need to install or we can do it directly.Please Help!! Regards,Santosh

Resolved! Manage my FMC using a public IP

I'm trying to setup access to our Firepower Management Center using a public IP and I've been unsuccessful. I have a 1:1 NAT created that maps to the FMC mgmt IP and I've created a Prefilter Policy allowing our Corp Network to Fastpath to the FMC. I ...

Resolved! 503 service unavailable error Firepower Threat Defence

Hello, I have installed a FTD device into my network. I am trying to add it into the FMC and have now done that succssfully via configure manager add 192.168.x.x cisco Now i am in the process of registering the FTD for smart licensing. But when i...

FIPS enable ASA 5515 - Port-Channel Break

Current Setup: ASA 5515 - Active/Standby pair Situation: Need to make currently running ASA 5515 FIPS complaint - cisco support said at least one port needs to be single port by itself before "fips enable" is implemented and not in port-channel. ...

Resolved! Firepower sensor upgrade.

I have 5525x ASA's in a HA pair. When they went into production we didn't have the licenses for the Firepower sensors. The firepower version they are currently running is 5.4. I would like to upgrade them to 6.2.2 or the latest version. The policy ma...

ASDM: packet tracer: link "show rule in access rules table" doesn't work but only for inside rules

Hi all, ASDM: packet tracer: link "show rule in access rules table" doesn't work but only for inside rules and works fine for all other access-group access-rules Not sure if this is a bug but, If it was a bug should have affected overall? Best ...

Change in applications after SourceFIRE upgrade?

We recently upgraded our SourceFIRE on ASA system from 5.4.1 to 6.2.0.2. (Reimaged the SFR modules, upgraded the virtual FMC) I've noticed since the upgrade that the number of applications being detected is drastically lowered. The Friday before the ...

Network Security

Forum Posts

De-register Firepower module from FMC and manage locally?

FMC in VMWARE and SRM

Cisco ASA firewall or Firepower Appliance - IKEv2 RFC 5996 Compliance

ASA Standby active websites down

ASA Syslog load balancing

ASA Failover 5510/5510sc

Firepower FMC and FTD causing ESXi server fail

Resolved! updating asa964-3-lfbff-k8.SPA disables port on 5508-X (two reboots to fix)

Resolved! ACS 5.3 to 5.6 Upgrade Procedure

Resolved! Manage my FMC using a public IP

Resolved! 503 service unavailable error Firepower Threat Defence

FIPS enable ASA 5515 - Port-Channel Break

Resolved! Firepower sensor upgrade.

ASDM: packet tracer: link "show rule in access rules table" doesn't work but only for inside rules

Change in applications after SourceFIRE upgrade?

We want to celebrate the October Spotlight Award winners!

Get ready! Great things are coming to Cisco Community

New name, same great product: Cisco Spaces

Is there any simulator where I can test ips custom signatures?

WCCP on ASA: few basic questions

Can't ping ASAv after upgrade

Firepower running ASA code using the FXOS API

asa5506W-X AP reimage/reload

Upgrade from a 5505 ASA

Smart License usage is out of compliance.

FMC/FTD VPN issue

FTD 2130 Ports

SSL Version 2 and 3 Protocol Detection in cisco switches