Missing 'user-statistics scanning' in Global MPF Policy after Upgrade to 9.9.1 Code
Not sure what has happened here but after upgrading my ASA to 9.9.1 from 9.6.3, a global MPF policy I had applied was removed from the configuration. This policy was doing default traffic inspection as well as DNS inspection for use with DNS doctoring. I tried re-applying the policy to the device. The device would take the command but not actually add the command to the configuration. I also use an interface policy for traffic policing and DDOS protection so at first I thought the device was no longer allowing the use of both an interface policy and a global policy together. I tried to shift some of the inspection configurations to the interface policy. I got that to work but noticed that one of the commands I added there would not take. Here is what I had in the global policy:
So after moving this inspection config to the interface policy, I noticed that all commands showed in the configuration except for the 'user-statistics scanning' part. So I removed that from the global policy and re-added the service-policy command to add the global policy to the configuration. This time the device took the command and added it to the configuration. So it seems somewhere between 9.6.3 and 9.9.1, the user-statistics scanning command has been removed or no longer works. With that command as part of the policy-map, I cannot apply the policy and have it stick in the config. The device takes the command and gives no errors but the command does not show in the configuration. Does anyone know if the 'user-statistics scanning' command has been deprecated? Whats the deal here? Thanks in advance for any help.
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,...
Join us live on Tuesday, May 19th at 10 am PT (and on demand after) as we officially bust the myths around SMBs and cybersecurity. Join our experts for a live Cisco Chat - we'll share some fascinating survey results, and outline key factors for a suc...