im shifting a new fmc+ftd instead of an old asa firewall , i was wondering after i shift the new fmc+ftd with the same inside and outside ip addresses if i need to clear arp my layer 3 core switch and my isp router?
Forum Posts
For the life of me, I can't figure out what is causing my NAT problem. I ran a packet trace from 10.0.0.1 to 8.8.8.8 and received "(nat-xlate-failed)NAT failed" message. All I'm trying to do is to allow any host from 10.1.1.5 subnet to go out to the ...
It happens couple times that after I forgot to stop a real-time packet capture, I could not enter into Lina CLI. Going to expert mode is OK. I am thinking if there is a way to kill the process under expert mode. I am pretty sure that the capture is c...
Hello together, I have 2x5525-X (in a Failover-Cluster config) and (first Version from 2015) with the old IPS Software Modul. I want to upgrade the 5525x Hardware with 2x5525-FP-UPG Pack, so that i can use the new Firepower Services. So anyone here, ...
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on th...
i have fmc+ftd 2110 and almost 100 rules . can i enable logging for all rules or will it cause cpu and storage issue for the fmc?
Dear All; I tried to block TOR browser by ASA 5515 FirePOWEP and FireSIGHT 5.3.1 using TOR application, And there's no results and no connections view as well. Please let me know if this issue has been solved with FirePOWEP and FireSIGHT 5.4.1 or 6 v...
Resolved! blocking users from using tor browser
Hello guys ,i bought a new cisco asa 5506-x with URL filtering license and i blocked some sites which is cool ,but now some users on the network are using tor browser to bypass the firewall and i can't do anything about it , so is there some way to b...
Hello , <164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0] <164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Ins...
Resolved! ASA 5506 9.82 BVI Maxium ips
Hi I have a ASA 5506 in transparent mode, I wanted to see if there is a maximum amount of interfaces I can add to a BVI on the 5506 using 9.8.2. Many Thanks in advance
Hi I am running the following sfr but when trying to update to 6.2.3.3-76 from the GUI it fails Model ASA5506 Serial Number ***** Software Version 6.2.3 (build 83) OS Cisco Fire Linux OS 6.2.3 (build13) Snort Version 2.9.12 GRE (Build 327) Rule Up...
Couldn't find this anywhere, so made it myself, its a group that excludes all RFC1918 addressing and contains all other IPv4 addresses. It includes RFC3330 but I don't think that will concern most people. object-group network INTERNETnetwork-object ...
Hi all,I'm trying to allow SIP calls through a 5505 running version 8.2(2). I've passed port 5060 through the firewall but now I'm seeing the RTP traffic blocked. I read this page and added this to my config:class-map inspection_defaultmatch defaul...
We are planning to deploy NGFWv in AWS for Secure access to Internet for Central Patch Mgmt Servers. Connection will only be initiated from AWS Servers to Internet. I am not able to find any design/deployment Guides for such scenario. My questions ar...
Hello Team,I have a question about Firepower local users. I see one local user admin but in document there is another local user called casuser. I was looking about casuser in Cisco website but no luck. Could you please help me about "casuser" in IP...
