I am attempting to restrict all traffic other than management and infrastructure services into my management SVIs. I would like to do this using object-group ACLs but so far I have not been successful in doing so. My implementation is as follows:
So, on the NET_MGMT_INT ACL the first two ACEs should, I would think, be counting hits as TACACS, NTP, SSH, etc., traffic hits the interface and is then parsed by the ACEs. However, this is not happening. The permit ip any any is there so that I do not get kicked out of the device and that is the ACE that is gathering hits and allowing the traffic.
I am not sure if this is a directionality issue in the way I have built the ACE or something else. Any help with this would be greatly appreciated!