We have an ASA 5510 with dual ISP. The default route is configured to ISP1, and the inside clients are goes also to ISP1. We have a DMZ interface, there are public servers in it with private IP, the interesting ports are forwarded to them. The public...
Hi Everyone, From AWS Marketplace i bought CISCO ASAv ( https://aws.amazon.com/marketplace/pp/B00WH2LGM0) , want to setup Cisco Anyconnect. To setup this i need pkg files Linux,mac and windows (https://software.cisco.com/download/home/286281283/t...
I have set up a lab with a fully licensed ASA+FP device in front of a TLS enabled SMTP server. Created a rule to decrypt SSL traffic using its own certificate+key, to a set of TCP ports to this SMTP server IP address. I also turned on file detection ...
Hi folks. My first attempt at configuring a ZBF on a 1117-4p ISR (I'm ccent studying for CCNA). Prior to the ZBF commands being added to the running-config I was getting internet access (albeit with no security). Following this I get nothing - I ca...
Hi guys, I want to migrate current STATE and FAILOVER physical connections from using switches in between to direct cables. I read some design concerns and ack that tshoot event troublesome. Now I have a dedicated Port-Channel for failover and an...
We have had a detection on one of our customers network which is named UNKNOWN and has a SHA of all 0's, it has been quarantined and is creating tickets in the AMP inbox, but there is no way to tell what this is. Has anyone seen this before and is ...
Hello I'm testing out a new Cisco ASA 5508 x firewall and have everything work it appears apart from being able to access certain site via there FQDN. I can access these site via there ip addresses but no other way. I've attached a couple of scree...
Hey everyone. We have several ASA units, ranging from 5505 to 5555X. Our 5555X is reaching about 55% to 60% CPU during peek hours and we are looking to replace it. Can anyone help me with some tips on what to look at, are HW boxes still the way ...
I am converting ASA to firepower. The problem is that I need to remove the zones and int ip addresses from the original config as they are being removed and replaced with a new ip schemes. Is there a way to edit the new sfo file to add the new int i...
I've attempted 3 time now to upgrade a 3D7125 from 5.3.0.3 to 5.4.0-763 with it failing at the same stepInstalling Sourcefire 3D Device S3 Upgrade version: 5.4.0-763Local InstallUpdate Installation Failed : [15%] Fatal error: Error running script 200...
Hi Folks, anyone have experience with how to search all the hosts running vulnerable browsers? for eg, if I run the templated report 'Network Risk Report' it has a section "dangerous web browser versions" How do I search within my hosts to pull up ...
Hello Guys , I'm studying Firewall and I performing a NAT Lab to improve my skills. The ideia is be able to access ssh from "Remote_Router" to "Firewall", ISP will perform a static nat from 200.0.0.6 to 172.16.0.2 Outside on "Firewall". I can ping ...
Dear Members, Currently we are using ASA5585 with SSP20 Module and its back plane and module doesn't support 10G media. I am currently looking for a temporary solution. Once our new NGF will come and will be good to go. I am looking for a virtuali...
Hello, I need a NAT for the Institution website and created the following rule. Checking the access LOG it gives me the following return and does not arrive at its destination in the IP inside. Does anyone have any ideas ?
I have a Cisco ASA 5512-X and it is discarding any IPv6 packets on the ingress interface. In particular I have an ISP (Comcast) who sends DHCPv6 advertisement and reply XIDs with a hop limit of 0. I reported it to them, but they told me to pound sa...
