Network Security

Firewall Migration Tool v7.0.0.1 now live!

Enabling our customers to leverage their install base and take them to the next level with Cisco Secure Firewall Threat Defense has always been a key priority. The migration tool is available for download to migrate the configuration on the on-premi...

Resolved! How do I import and block IP addresses by country?

I need to block IP traffics from a certain country. I know I can export a free IP address list from firewall IP generator. The sample output format for Cisco ACL is as below.What should I do next to import the list to enable blocking in Cisco AXA? I ...

iPhone Wifi Calling using ASA recent IOS

I am getting one way audio for iPhone Wi-Fi calling. This started after I used the AnyConnect VPN wizard. This problem is not over an Anyconnect connection that I am having the issue. It's within the network connected to a Unifi AP. I only men...

Block 3rd Party RDP Apps

I have a request from management to block 3rd party remote desktop applications at the firewall. I'm wondering if this can be done on an ASA, possibly through the Service Policy Rules... ASA-5545 version 9.2(4)27 Any advice would be appreciate...

FDR 2120 ModuleDisk Usage: /ngfw using 100%: 51G (0 Avail) of 51G

Hello mates, I have an issue with FTD 2120 version 6.2.2 centrally managed from FMC. I get this error: ModuleDisk Usage: /ngfw using 100%: 51G (0 Avail) of 51G. After investigation i found that the large file is: /ngfw/var/lib/mysql/mysql-server.err ...

Cisco firepower 9300

Please help me to find the differences in Chassis management and firepower management . In firepower 9300 i can see management port for only to manage chassis . Also share document how to achieve HA in fdm (local manager) .

My license is invalid for ASA5506X

I have setup firepower and access rules for inside7 and outside to deny any i notice that inside1 can connect internet if outside connect WAN link then after add license and verify or submit license downloaded or from email it return license is i...

dot1x authentication failed

Hi, A user is getting dot1.x authentication failed. I connected the user laptop to the switch and i shut& no shut the switch interface. I got the following debug logs. the config on the switch port is same as the other port and rest of the ports ...

ASA DHCP relay UDP request discarded

Hello I'm working on setting up a management network for access points and the APs don't get any IP addresses. I can't get the DHCP relay to work. dhcprelay server 10.64.32.236 insidedhcprelay enable MGMTWIFIdhcprelay setroute MGMTWIFIdhcprelay ...

How can a static route just disappear?

Hello, We had an issue with our ASA55065X this evening where our static route was lost, and subsequently our company lost Internet connectivity. A technician was working on getting AnyConnect AAA Authentication restored when he claims that suddenly ...

Resolved! Inline NGIPSv

I have an ASAv with a trunk port-group going to it, and I am looking to move an NGIPSv inline between it and the internal resources. I had some questions I am having trouble finding a definitive answer for. Does the NGIPS virtual appliance support VL...

Resolved! outside,inside NAT not working

I'm trying to Port Map access to several inside servers by mapping both outside IP/PORT to a inside IP/PORT. On a Cisco ASA 5520 I overloaded to get to the Internet and tried to NAT (outside,inside) to get to a web server from the outside. I'm simu...

Firepower AMP and URL Updates

Where do you configure or verify that the FMC is updating URL and AMP? Want to make sure I am getting latest AMP definitions and the latest URL categories and such.

Cisco ASA 5508 FTD image - SSL specific pages not loaded on specific hosts

Hello everyone , He facing a curious problem with Cisco ASA 5508 FTD 6.2.3 . We have setup FTD and we facing problem from specific 3 endpoints that are not able to open specific sites . We do not do any policy on URL neither on IPS for specific net...

Zone-Based Firewall - Block Applications with NBAR2

Hello, I'm curious to know if there is a way to block applications that have been classified by NBAR2 using zone-based firewalls on the ISR platform. Here's what I was thinking: class-map match-any CM match protocol bittorrent match protocol ...

Bypass Mode FP Sensor

Hi guys, i just read in FP documentation that bypass mode will have a few packet drops when the FP chassis has been rebooted? Is that true and what is reason why it will have few packet drops? Thanks

Network Security

Forum Posts

Firewall Migration Tool v7.0.0.1 now live!

Resolved! How do I import and block IP addresses by country?

iPhone Wifi Calling using ASA recent IOS

Block 3rd Party RDP Apps

FDR 2120 ModuleDisk Usage: /ngfw using 100%: 51G (0 Avail) of 51G

Cisco firepower 9300

My license is invalid for ASA5506X

dot1x authentication failed

ASA DHCP relay UDP request discarded

How can a static route just disappear?

Resolved! Inline NGIPSv

Resolved! outside,inside NAT not working

Firepower AMP and URL Updates

Cisco ASA 5508 FTD image - SSL specific pages not loaded on specific hosts

Zone-Based Firewall - Block Applications with NBAR2

Bypass Mode FP Sensor

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Problem with ssl decrypt-resign on Cisco Sefure Firewall

FTD reboots and the active firewall losts all of the User ID entries

ASA AD LDAP Authorization belonging to multiple groups

Cisco FTD workaround for SSE connector failure stumbled on rights priv

Assigning an EtherChannel Subinterface to an Instance via FMC API

Firepower 1010 readiness check stuck at "Please Wait"

OpenSSH regreSSHion vulnerability in FMC

Hyper-V VHD image for FMC virtual

Cisco Packet Tracer ASA 5506 Prevents Access to DMZ Servers

Firepower 7.42 issue interface Management0 has no link