I have a server on my DMZ that runs a service on FTP. I do not have an access-list permitting traffic from outside to the DMZ on ftp.FTP is not inspected on the global policy But the FTP service is accessible from the outside network. Is there any r...
Forum Posts
Having an issue that so far I cant figure out. My actual issue was that I was trying to allow a site that was blocked by another rule, but I went back to basics and try to get a basic URL rule to match in the logs. Using Cisco FirePower version 6.2...
How can i restrict Anyconnect VPN users, only to a pariticular ip address with a specific port in may inside network, say 10.10.10.50 with port 80, block any other ports like 3389.i tried both the commands and associated with Group Policy.access-lis...
Resolved! Firepower 1010 to replace 5506?
This may be an obvious question for a var/partner, but is there any information on the FP1010 platform that's to take the place of ASA5506 to run FP? Per the below, the EOS is the end of July but I can't find any mention of a 1010 box on the Cisco si...
Dear Team, I had configured Firepower on out client's site and everything was working Ok untill he called and told me that Firepower wasnt working anymore. I went and checked and couldnt see any firepower traffic on ASDM. I checked on the Flash ans t...
Resolved! ICMP Logging Gone Wild!
Goal:How do I disable these ICMP messages on my ASA? Version 8.0(3)6 Problem:In my log file I have 343520 entries per hour of just ICMP messages! We're installing some new equipment and it does a plentiful amount of ICMP traffic which is used for its...
I have cisco ASA 5505 which create a VPN tunnel to Datacenter. When I try to ping server in DC from ASA's inside interface, the ping is ok. (like this "ping ins SERVER-IP-ADDRESS")But if I tried to ping some host behind ASA from this server, the pin...
I have a multi-context ASA with the following configuration:int g0/0 channel-group 10int g0/1 channel-group 10!int po10.106 desc CONTEXT1 - outside vlan 106!int po10.107 desc CONTEXT1 - outside vlan 107!context CONTEXT1 allocate-interface Port-channe...
Hi, i'm studdent in Networking and i have to configure a double firewall zbf, i have to buy a firewall but i'm not sure that we can configure zbf with Cisco ASA5506-x. Thanks You
Hi ALL,In SSL Policy of Firepower there is "Trusted CA Certificates" tab which I have never seen being described in any Cisco documentation what is its importance. I mean all guide and configuration sample show implementing of SSL Policy without even...
We have FMC ( Ver 6.2.3.3 ) anf FTD ASA5516-x now . I have set access control policy with application + URL , but I can't see any hit count on FTD.> show running-config | grep 268439554access-list CSM_FW_ACL_ remark rule-id 268439554: ACCESS POLICY: ...
What if I want to NAT an internal IP address to another IP address that should be allowed to transverse an IPSEC tunnel on an ASA? Example, I have 160.1.1.10 address that I want to be Natted to 170.1.1.10 which is an source IP allowed to reach 200.1....
Dear ALL, We just purchased the ASA5508-FTD-X for the internal firewall, all internal device's default gateway is point to ASA 5508, and have 3 vlan, vlan166(Server subnet) ,vlan177(VIP member subnet) & vlan 188(Staff subnet). We have two guestOS in ...
From the report, Cisco did not specify a fix if i read it correctly. I have FTD 2130 in my environment and I got into issues with snmp and i would like to know if this has been fixed.
Hi,1. Does the latest ASA software support routing traffic to next hop based on FQDNs, eg. for Azure? I've done this in the past using subnets & objects.2. Would the FTD be able to achieve this objective better than an ASA?Regards, mk
