Activity in Security
unravelling FTD DNS settings and configuration
I currently have an FTD that has public DNS configured on the management interface (>show network, >show DNS system have Umbrella IPs). I have internal DNS IPs assigned to inside data interface using the platform policy. I did not check enable DNS...
Sievechar feature not working for LDAP queries with separators
Hello,We enabled the Sieve Email filtering feature that allows LDAP to accept/routing queries when email addresses contain separators (jdoe+123@cisco.com = jdoe@cisco.com) . This is not working since the ESA appliance still sends the whole email addr...
Announcement: GA for Cisco Secure Access Add-on/App for Splunk v9
Feature Overview Customers who use Secure Access and Splunk use the- Cisco Secure Access Add-on for Splunk to bring their event logs into Splunk from AWS S3 (from either a customer or a Cisco Managed bucket). The Add-on then extracts fields and maps ...
TACACS+ Authentication Succeeds on ISE but Fails on Switch
We have encountered an unexpected issue. Despite trying various troubleshooting methods, we have been unable to identify the root cause. We would appreciate expert guidance and recommendations.Problem SummaryWe are experiencing an issue with Cisco IS...
Anyconnect VPN server certificate error
We have an ASA that we use just for our VPN and we use Cisco DUO on it for MFA. This is all setup and working for our Windows users, but once I upgraded the Cisco Secure client version to 5.1.14.145, it broke for our couple of MacOS users. If I switc...
How to aggregate multiple DAP ACLs on FTD 7.4 using ISE Posture?
Hi everyone,I'm struggling with a DAP (Dynamic Access Policy) behavior on FTD 7.4 when switching from direct LDAP to ISE (RADIUS).Current Setup & Goal:Users authenticate via ISE (AnyConnect VPN).ISE performs Posture Assessment (Posture is mandatory, ...
FTD to AWS VPN gateway IKEv2 phase 1 lifetime mismatch
I've created a VPN successfully from a Cisco FMC managed FTD (v7.4.2.4) to a AWS VPN gateway, but am having issues as the IKEv2 phase 1 SA lifetime doesn't match. The AWS side always uses 28800 and I've configured a policy on the FTD to use 28800 se...
ISE Upgrade Incident Summary
ISE Upgrade Incident SummaryOverview: ISE 1 and ISE 2 were upgraded from version 3.3 to 3.4. The upgrade did not go smoothly because the upgrade on ISE 2 failed partway through.Timeline and ObservationsPre-upgrade: The bonded interface for Gi0 was do...
ASDM privileges via ISE cisco
Hello,I would like to grant an administrator read-only access limited to Access Rules, NAT Rules, and Objects via ASDM.I have already configured TACACS+ authentication and authorization using Cisco ISE, however I’m struggling to identify the exact sh...
AMA-What's New with Cisco Secure Firewall and Upgrade Best Practices
Welcome to the Cisco Community Ask Me Anything conversation. Submit your questions from Wednesday January 14, 2026 through Friday January 23rd, 2026. Our colleagues Annya Martinez, Jyhan Ocana, and Scott Nishimura will be waiting to assist you and r...
Resolved! Executing vault recovery process to resolve vault issues on ESAs
Hello,Does anyone know how can I find out if the ESAs I'm about to upgrade have encryption enabled or not, related to the vault recovery process?The documentation seems vague and only mentioning encryption as a whole. Is it FIPS encryption? Is it app...
0-Day in ESA/SMA CVE-2025-20393
Good afternoon. Cisco published a severity 10 CVE today for ESA and SMA. This only applies if the Spam Quarantine is exposed to the internet. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 Ba...
Resolved! Need help assessing my level of vulnerability to CVE-2025-20393
I am looking for instructions to confirm my level of vulnerability to CVE-2025-20393. Online they keep telling me to go to Network>IP Interfaces. However, I don't see IP Interfaces under Network on either my ESA nor SMA. I know we are using a spam...
Zero Day Vulnerability with CVE‑2025‑20393
Which version is affected by this zero day vulnerability with CVE‑2025‑20393
Resolved! CSCws36549 - Reports About Cyberattacks Against Cisco ESA and SMA
Hi @ all, I am a bit confused, as "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws36549" ( Last Modified Jan 05, 2026) states following Known Affected Releases:16.0.1-01016.0.0-19515.5.1-02415.0.0-012 , while "https://sec.cloudapps.cisco.com/sec...
| User | Helpful Count |
|---|---|
| 55 | |
| 25 | |
| 24 | |
| 9 | |
| 7 |
