Activity in Security
What's the easiest way to add a new subnet in FTD b4 decomming the old
Hello Experts,We have a Cisco Firepower 2130 in production running version 7.4.2.4 which we manage via FMC. A Port-Channel with a VLAN has been configured on the FTD with its own IP address serving as the gateway for DHCP clients while the FTD serves...
Can SIA be used in a Secure Private Access environment?
In an environment where only the "Secure Private Access (SPA)" license for "Cisco Secure Access (SA)" has been purchased, can the Secure Internet Access (SIA) function be used if desired? For example, is there a mechanism in place to hide SIA-specifi...
ISE 3.2 P7–Context Visibility reset impact
Hi all,We are running Cisco ISE 3.2 Patch 7 (6 nodes, no dedicated MNT).We’re seeing an issue where not all endpoints imported via API from an external identity source are showing up in Context Visibility.Cisco documentation suggests resetting and re...
Anyconnect VPN SAML SSO with Azure IdP, Multi-Tunnel Groups
SymptomsI had incredible difficulty locating details and even vendor support surrounding setting up Azure SSO to service anyconnect connectivity with multiple tunnel groups. So thought I'd potentially help by documenting the fixDiagnosisAfter followi...
Resolved! Is there a way to find out the physical interfaces used by a port channel in FTD 4110 or 2120 through FMC gui or FTD cli or from anywhere else?
I have lately realised that there is no way to actually figure out the physical interfaces used by a port-channel in FTD 4110s or 2120s or probably any FTDs through the FMC gui or FTD cli. I asked TAC about this and they also advise there is no way t...
ISE Alarm : Warning : Profiler SNMP Request Failure. Error Message=Req
ISE Alarm : Warning : Profiler SNMP Request Failure. Error Message=Request timed out.I keep getting daily alarms for all different switches in my network. I've been through and removed any old SNMPv2 configuration and I've added only SNMPv3. I can co...
Resolved! Multiple emails for single user
Hello, I am setting up a Duo environment for our users. All of our users have 2 email addresses, formatted as follows: username@123.com and username@abc.com. Our on-prem Exchange is set up to give every account both emails as an alias for the same ac...
FQDN Update for Roaming Client Reliability
Update (January 21st 2026): The last round of enablement will happen over the next couple of weeks. Original Message: We are rolling out an important enhancement to improve connection reliability for the Cisco Secure Access roaming client. Please re...
Reimage Cisco FTD 1120 - empty disk, missing correct FXOS
HelloBeen struggling with a Cisco 1120 today, no warranty left, but would like to get it running again. Tried a new disk and flashed it with tftp from rommon, also tried USB. Unit comes up with FXOS, but not able to install FTD with scope --> firmwar...
Issue with resolving DNS for boostbadges.com
Our school is protected by Cisco Umbrella Web filtration and DNS pointing at their resolvers of course. I white listed the domain but we still can't reach it. Using a different network that does not have the filtration, it works.Anything else that mi...
Reminder: Duo CA bundle update; action required by February 2, 2026!
This is a reminder that Duo’s existing CA bundle will expire on April 15, 2026 due to the the Mozilla CA distrust policy. This expiration will affect all Duo products that use certificate pinning. This service change affects all Duo customers and d...
Resolved! DUO - allow logon locally
Hi, We are using DUO Wondows logon 3.1.1 to enable MFA for our Jump servers. Is it necessary that, users who need to authenticate to those Jump servers should be under the GPO policy “Allow logon locally”. we have around 500 users who need access to ...
locked out from duo administrator's account
Hello,I'm the administrator of our duo security but the phone with my duo mobile is broken.I have a new phone but since the old is not working I cannot transfer the account.I'm also locked out from all protected devices.How can I login to administrat...
Clarification on DELETE behavior in Duo Automatic Provisioning.
In Duo Automated Provisioning using SCIM, I’m observing the following behaviour and would like to confirm if this is expected:When a user is first removed from a SCIM-provisioned group and then deleted from Duo, no outbound SCIM DELETE request is sen...
Resolved! switch to the secondary PAN node
Hello.Is there any way to automatically switch to the secondary PAN node if the primary PAN node crashes? This usually has to be done manually.Thanks!
| User | Helpful Count |
|---|---|
| 114 | |
| 26 | |
| 22 | |
| 11 | |
| 9 |
