Security

FPR1140 in HA firmware update

I went to update a pair of FPR1140 that are in HA yesterday using FDM. I had read conflicting instructions online.  Ciscos instructions were saying log on to the standby unit (which i cant as its in HA) so I went with some other instructions that sai...

FDM - setting up Variable Set and File Policies

Hi, We have a set of FTDs and using FDM for management.  Found some answer about the Variable Set being the feature not available in FDM.  However, I am hoping that someone can recommend a smoother workaround to create it there besides the FlexConfig...

FMC/FTD - Wildcard URL objects and use of the leading dot

Hi All,I've asked a question a few days ago on this 4 year old post but unsurprisingly haven't had any response so starting a new post. We had a requirement to allow wildcard access to a remote SQL server over tcp/1433, as the host portion of the des...

Historical data for endpoint in hostgroup

Hi,We are leveraging the API to perform bulk uploads of endpoints into hostgroups and we noticed that everytime we upload an existing IP in a hostgroup, the IP is removed and recreated again. If the IP does not change, is SNA deleting the historical ...

High Load Average on one Policy Nodes Due to Consistent Daily Spike

MPLS and Backup VPN Connection - Asymetric routing issues

Hello, A customer have some asymetric routing issues after a power outage on their local site. They are using MPLS as primary connection to their DC and a static L2L VPN connection as backup. There is a /18 network beeing anounced over MPLS from the ...

ASA5512X Failover Communication Failure

I am using 2 ASA 5512Xs with the same bin, version 9.12(4).67 , hardware (4GB ram and clarkdale 2.8Ghz cpu), and license (security plus) but when I do show failover state it says there is a communication failure between the two. I am connecting them ...

Cisco AnyConnect IPSec/SSL Connection

Hi Team! I have a question for you — is it possible to configure AnyConnect to work in the following way:First, it tries to establish a connection using IPSec, but if it cannot (for example, because the user is at an airport where UDP ports 500/4500 ...

IKEv2 logs are not clear

Hi,I have a VPN setup between two cisco IOS routers running IKEv2It works fine with no issuesI see the logs below and Im not sure I understand what they are.I see IKEV@-5-SA_DOWN every time the IKEv2 SA lifetime is up and renews. I also changed the l...

Cisco AnyConnectClient Breaking Mac Finder

Hello,I have been receiving continual pop ups for several weeks from Cisco Secure Client on my corporate Macbook saying "The VPN client agent was unable to create the interprocess communication depot." This pop up interrupts whatever I will be workin...

Need to configure restriction for non compliant wireless user in ise

We have FortiGate WLC for wireless user . After posture scanning if the user is non-compliant we are unable to restrict the access user is getting full access. We tried from ISE to Push ACL still the restriction is not working. Wireless user connecti...

ASA, Packet Tracer and Activation key

A question that has me intrigued... "Packet Tracer" allows you to place activation key for ASA.   How do I ask for the activation key (from which person or manual or software)?   ---> If it's software... Is it to activate ONLY some functionality or d...

FTD Dynamic L2L VPNs

Hello, We want to have a FTD (with static public IP) and several Cisco routers (with dynamic IP) connected with IPSEC IKEv2 L2L VPNs with different PSKs for each VPN.  We dont find on the FTD how to check the receiving ID that the router would send t...