After upgrading AnyConnect package on AS from 3.0 to 3.1 getting error that the certificate is untrusted and have to accept the certificate when trying to automatically login to the website. Is it possible to disable the strict trust setting to avoid this error?
It is strongly recommended that Strict Certificate Trust for the AnyConnect client is enabled for the following reasons:
•With the increase in targeted exploits, enabling Strict Certificate Trust in the local policy helps prevent man in the middle attacks when users are connecting from untrusted networks such as public-access networks.
•Even if you use fully verifiable and trusted certificates, the AnyConnect client, by default, allows end users to accept unverifiable certificates. If your end users are subjected to a man-in-the-middle attack, they may be prompted to accept a malicious certificate. To remove this decision from your end users, enable Strict Certificate Trust.
Hello All, Can anyone help me how can I enable logging using Ssh So that I can collect/view debug logs for real time logs and previous logs like 3-4 days before. Below is the output of my ftd cli firepower# show logging
Syslog logging: dis...
Have used the following IPs for reference :Jump Server IP: 192.168.10.5 (Subnet A - AWS)ASAv30 inside interface IP: 192.168.20.5 (subnet B - AWS) Able to ping the ASAv inside interface from the Jump Server, but unable to SSH/HTTPS the ASAv insi...
I attempted to create an access control rule for IPS and AMP from information I found online, and apparently it was completely wrong, because it had the effect of ignoring all block rules and opening up my whole network to the Internet. No matter wh...
My customer is asking for Port Pairing (NIC Teaming) for Data port. The customer is going to use only one Data Port for to and fro traffic and want to pair P1 and P2 interface.
My question to you is if there is any downside of using port pairi...
Folks,Is there a way to filter or block NHRP registration requests completely on a next-hop server? I know that's an odd question but there are good reasons to do this.I have already tried several things and none of it has worked. I would be really amazed...