DearHow are you? Implementing two sfr modules in ASA failover firewall will be managed by an FMC. For 3 weeks you will be only monitoring the traffic and analyzed through the FMC to define the signature bases that we will block, I have a period to le...
hi guys, I m facing a tricky NAT issue here, it's quite strange....here is the story :we have a subnet 192.168.2.0/24 and have 2 public IP on ASA(9.1)all the subnet is dynamic NAT to the outside interface.and now I want to add an internal IP to stati...
Hello everyone, I'm currently running Firepower 6.2.3.9-54 on ASA 5516-X 9.8(3)-16 (currently running in monitor only mode). I've created an SSL Policy and attached it to an ACP. The SSL Policy is configured to 'Decrypt - Known Key' for a single web...
I am trying to open up all the ip ranges that Cisco says it needs for webex to talk to my sparkboards. Is there an easy way to create a network object group that has multiple ranges in it? I am running ASA 9.8.2 if that makes a difference. So for...
Hello, I've been working on this and could not find out why.I have an esxi server and a web server.I can port forward to my test webserver with no problem using:static (inside,outside) tcp interface 8080 192.168.6.251 www netmask 255.255.255.255 But...
Hi everyone,I have a network behind a ASA5515X with Internet access.When any PC (behind the 5515x) tries to connect to a remote FTP server, it is possible, but when the FTP client tries to list (LS) o execute DIR inside the FTP server, the command is...
Hello, Can Cisco ASA 5500-X with FirePOWER Service be used as a proxy server as well as for firewall and VPN features? If so, how can this be achieved?
I have an ACL that shows in Details window when looking at IPSEC connection on ASA, however from CLI I don't see the ACL applied to an interface via Crypto Map. Are there other ways to apply ACL on ASA interface?
Does Firepower have the ability to query the Firepower API for an MD5 to see if FP has seen it before? Does Firepower have the ability to block a given MD5 via the API?
Hello all, I'm new to writing with Cisco devices and having some trouble. I'm working with an ASA version 9.4(4)20 Device Manager Version 7.1(3). Ok so I'm struggling to search if IP address exists in an object group and at and fine see what else is ...
Hi everyone! I have two hosts:192.168.1.227 <--> outside (static 192.168.1.2)192.168.2.230 <--> inside_1 (static 192.168.2.1) I can ping sucessfully from 192.168.1.227 --> 192.168.2.230,but not from 192.168.2.230 --> 192.168.1.227 (timeout). My confi...
Hello everyone, I recently create a custom snort rule on my Firepower 8130 sensor, this is a really simple rule for detect excessive connections in x seconds from the same source IP address, I applied the rule into the intrusion policy and then d...
Greetings, We recently were able to get FirePOWER T&C licensing enabled on our ASA 5506-X, but we seem to be unable to route traffic from the firewall through the SFR Module. We have only the 5506, no TMC or virtual appliances. We made it through t...
Hi there,Hope your all well,I am currently looking at not only implementing a new DMZ but also allowing for our migration to Office365 services with that. I was hoping to reach out and ask how people have faired with O365, already I am hitting bumps ...
