Explore the security forums and share your expertise about firewalls, email and web security, Identity Service Engine, VPN, AnyConnect and more.
Showing results for 
Search instead for 
Did you mean: 

Browse the Community

Network Access Control

Cisco Access Control Server (ACS), Identity Services Engine (ISE), Zero Trust Workplace

29812 Posts

Network Security

Engage with peers and experts on network security topics such as FTD, FMC, FDM, CDO and ASA.

67252 Posts

Activity in Security

Cisco router certifcate with weak hash algorithm

It has been flagged that our routers are currently using sha1We needed an extra certificate server anyway so I created one with a certificate using key modus of 2048.Cisco said this would automatically use a hash of sha256.My first question is - does...

Replace Secondary Firepower when in HA

Have to replace a faulty secondary firepower, I am trying to delete the secondary from FMC that is setup in HA , but I cannot find the correct information to delete this.I can click the bin button, but get this error "Confirm Delete" see below, and I...

Resolved! FMC Version Suggestions for Upgrade

Hi all -I am beginning a project to migrate from 6.6.5, that is controlling an old AMP8150 and a pair of FTD1100s.  The Migration is away from the 8150 and a pair of ASA5500 to the Secure Firewall 3100 series, I have been reading the documentation I'...

rsharp001 by Beginner
  • 11 replies
  • 0 Helpful votes

ETA on ASR 1002-HX

Hello, I have ASR 1002-HX running on 17.3.5 (currently recommended software version). The problem is that ETA commands can't be applied on the router. From Cisco Feature Navigator I can see that ETA is supported on the ASR 1002-HX platform only on so...

Cisco SMA cannot download AsyncOS

Hello, I tried to upgrade my customer cisco SMA. We plan to download the image first before installing. I have tried download the image from internet and from the local web server. It keeps failing. Is there anyone have experience this problem?   her...

Profiling stopped working post upgrade to 2.7 patch 7

Hi Team,Synopsis:PEAP MSCHAP used for authentication.Authorization is provided by profiling endpoints based on hostnames.There are multiple endpoints profiles and based on different VLANs are assigned.Profiling probes HTTP, AD, DHCP, SNMP Query. Issu...

dgaikwad by Contributor
  • 0 replies
  • 0 Helpful votes

Resolved! SMA PVO 7025 SSL certificates

On "mx" in destination controls I have default "preferred TLS", but our RAT domain has there "required TLS":since yesterday I have messages in ESA active queue which cannot be delivered to SMA:the.cpq.hostDown7,0010238.8k00mx: Info: New SMTP DCID 192...

Lemat by Beginner
  • 16 replies
  • 0 Helpful votes

TCP + SSL Session

Hi,I have a firewall with URL filtering enabled. SSL is also enable for this filtering. When client try to communicate with (example), first it get IP of google from DNS and then start TCP 3 way handshake process. All communication go thro...

Resolved! ISE posture condition for critical security OS patches

Hi All ,We have ISE 3.0 setup for one of customer. I am trying to build posture condition to validate if windows 10 endpoint has latest critical security patches installed.Customer do not have WSUS or SCCM which can be leverage under patch management...

jitendrac by Beginner
  • 12 replies
  • 0 Helpful votes

anyconnect Failed to receive the AUTH msg before the timer expired

trying to set up flexvpn over a g4 lte connectioni am stuck with Failed to receive the AUTH msg before the timer expiredthe router is a c1111 with ios xe 16.9.6i can connect to it by:windows anyconnect --> c2960 --> c1111 LAN port   the vpn connectio...

ino by Beginner
  • 0 replies
  • 0 Helpful votes
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: