Best practices regarding Service Groups in Cisco ASA
I wonder if there is any best practice guideline regarding the use of TCP/UDP Service Groups, instead of several one-port access-rules.
For example, if you have several subnets that need to talk to some domain controllers in one subnet, for AD-traffic - it quickly becomes a lot of access-rules if you use one rule per port. On the other hand, you can easily see which rules have hits, and which have no hits - and might be removed.
I'm thinking of creating a Service Group for all AD-traffic, so I only need one rule for each interface for this traffic.
Any downsides to doing this? Does the use of Service Groups impact performance?
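The two rule styles the question compares, side by side, as an added example that is not part of the original post. The group names, the ACL name `INSIDE_IN`, the addresses and the port list are all constructed for illustration; the ports are a commonly used subset for AD traffic, not a complete or authoritative list.

```cisco
! --- Constructed sample objects (names and addresses are assumptions) ---
object-group network AD-CLIENT-NETS
 network-object 10.10.0.0 255.255.0.0
 network-object 10.11.0.0 255.255.0.0
object-group network AD-DCS
 network-object host 10.20.0.10
 network-object host 10.20.0.11

! --- Style 1: one access-rule per port ---
! Each port is its own line in the ACL, so the rule count grows with
! every service and every interface.
access-list INSIDE_IN extended permit tcp object-group AD-CLIENT-NETS object-group AD-DCS eq 88
access-list INSIDE_IN extended permit udp object-group AD-CLIENT-NETS object-group AD-DCS eq 88
access-list INSIDE_IN extended permit tcp object-group AD-CLIENT-NETS object-group AD-DCS eq 389
access-list INSIDE_IN extended permit udp object-group AD-CLIENT-NETS object-group AD-DCS eq 389
access-list INSIDE_IN extended permit tcp object-group AD-CLIENT-NETS object-group AD-DCS eq 445

! --- Style 2: one Service Group, one access-rule ---
! Illustrative subset of AD-related ports; adjust to the environment.
object-group service AD-SERVICES
 service-object tcp-udp destination eq 53
 service-object tcp-udp destination eq 88
 service-object udp destination eq 123
 service-object tcp destination eq 135
 service-object tcp-udp destination eq 389
 service-object tcp destination eq 445
 service-object tcp-udp destination eq 464
 service-object tcp destination eq 636
 service-object tcp destination range 3268 3269

access-list INSIDE_IN extended permit object-group AD-SERVICES object-group AD-CLIENT-NETS object-group AD-DCS

! --- Reviewing hits for either style ---
show access-list INSIDE_IN
```

For a rule built from object groups, `show access-list` prints the configured line followed by its expanded entries, each with its own `hitcnt`, so per-port hit information is still available when the rule is written with a Service Group.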