Greetings,My customer is asking for a firewall with Number of concurrent VPN tunnels= 10,000 and Number of security policies: 16,000 . I am not able to find in Cisco this. Can someone please share their knowledge and experience about this? Is 2140...
Hi,I have AMP for network on Firepower 2130, have configured file policy etc and have been using this site to testhttps://www.eicar.org/?page_id=3950. Http request are blocked by AMP, however https are not, we then configured ssl decryption, import c...
Okay so in my last discussion I wasn't getting an IP address from the ISP. Now I'm getting the ISP assigned dynamic IP address on the ASA, but I'm not getting the DNS servers of the ISP automatically on the ASA. I do get the DNS servers automatically...
Somewhere in upgrading to ASA code 9.1.4 and CX code 9.2.1.2 (52) we've run into a known and as yet still open bug (CSCud54665). The symptom that we experienced was frequent failover back and forth due to 'Service card in other unit has failed'. Th...
GreetingsI'm attempting to use an ASA to route two VLANs to an outside interface that uses NAT/Port Forwarding on the outside IP to access several servers within one of the aforementioned VLANs. The following diagram shows the topology. The router...
Hello everybody,I have a ASA5505 running OS rel. 9.1(7)32.Between this ASA and the target network are two different lines, one with encryption (S2S VPN) and one MPLS line.Depending on the source IP network I need to route that packets defferently.The...
If you look at the L2L VPN Session, you will see nothing in the session list.The configurationone ASA5525 (headquarters) and two ASA5516 (branch offices) are connected5525's outside IP is connected to Dynamic. I attach running-config.Help me plz!!!
After snort auto update, FTD gives the below error. The 3DES/AES algorithms require a Encryption-3DES-AES activation key. Is it related to 3DES-AES encryption license ? Does anyone experience with same issue? Any workaround ? Thanks in advance.
Have a pair of 5515-IPS that are having a pen test done soon. We need to whitelist the pen test company IP addr from the IPS module. Does anyone have any suggestions on how to do this? Had thought of possibly excluding those addresses from the poli...
My question is pertaining to the flow of traffic with an ASA 5555X with the FirePower services module and a WCCP Redirect to a WSA appliance. I would think that the traffic flow should occur such as: Http traffic --> ASA --> FP IPS --> WCCP to WSA P...
Hello EveryoneWe would like to deploy our 4120 as a Multi-Instance Container to have more flexibility in the future, without the need to get new boxes.Now in the Multi-Instance Guide and the FTD/FMC6.4 it states that the following features are not su...
I have a question regarding ASA session checkImagen this situationWe have an ASA which is Building two VPNs (Site-to-Site) to the Cloud and in the Routing table there is a loadbalancing to the Destination in the Cloud over the two VPN connections.(Lo...
Hi, Currently i have an ASA firewall on HO which is also the gateway for the users/servers etc... have a dark fiber connected to DR, we will have same subnet there and will have new firewall Cisco Firepower 4120. in the event the ASA goes down , how ...
I have a firewall Cisco ASA 5505, and currently it is a command line firewall. I want to configure ASDM so that i can use it as a GUI Web Base interface.I really dont know what to do. Can any one please help me how can i configure ASDM on my firewall...
Hi, I have cisco 5516x with firepower. My firepower install at FMC version 5.4.1. Below my question. 1. what is the best practice to update the rule ( System > Update > Rule Updates ) by weekly basis or monthly ? 2. Any impact during the rule upda...
