Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,I have am using FMC and FTD version 7.2 and I have a working configuration using SAML authentication. I'm trying to add Certificate authentication, but I'm having a problem validating the certificate installed on my client machine. First a coup...
Hello. I don't want to re-invent the wheel here. I'm using FTD firewalls with FMC using Azure AD SAML SSO authentication, then my internal ISE server is doing the Authorization. I'm being asked to require that only company computers are allowed to co...
Hello,
I'm trying to secure my network. First here's a diagram.
I have a L3 switch for each ISP. For this question, I'll focus on the left switch with the WAN IP of 3.3.3.3. The WAN IP is external facing, so I want to harden it for added securit...
Hello,Easy question here. Hopefully. I'm upgrading my WLC and ISE implementations. ISE 3.1 is now the recommended version, but if I look at the compatibility matrix, and a couple other places, it shows that WLC version 17.3.5 is compatible with ISE 3...
Hello!I'm using Arctic Wolf for security scanning, and they're telling me that port like 135 and 3389 are open. I have an externally accessible server with 1 to 1 NAT setup, then my ACLs only permit web traffic. When I do a packet capture, and try to...
I'm not quite sure I understand your question. If you're using firepower, then flexconfig is the only way to apply the command. You can't use the cli for configuration. If you're using an ASA, then you CAN just apply the cli command.
The following is courtesy of ChatGPT, so take it with a grain of salt. I moved onto a new job that uses Palo Alto instead, so I don't currently have a setup to verify this information with. Be very careful of flex configs. Here are step-by-step instr...
Hey Chris! I came across your post looking for the same answer. I admit, I'm still a little confused on the best route to go, but if you haven't gotten an answer yet, here's another thread that provides some answers. Like you, my remote sites are far...
