Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Is there a chart that correlates patch numbers to build numbers? I see a new vulnerability says it's resolved with 2.7p10, but when I verify my version ISE shows 2.7.0.356 with 9 patches installed. Does that mean we are on patch 56? Patch 9? What ...
Hello all. My company has been using Cisco ASA in the datacenter for years and I'm pretty comfortable with them. We recently replaced them with Firepower 2100's as our ASAs went end of life and we were sold on the added benefit of FTD. Since insta...
We have 40 networks each using site to site VPN. Of those 40, 2 are hubs (primary and DR datacenters). Because of some BGP complexity we have the other 38 sites doing site to site VPN to just 1 hub. If we ever fail to DR, I'll have to change the h...
We have a user that has Charter Spectrum at her home. Currently she has a Cisco 5505 ASA using DHCP on the WAN connection and it's connecting to our corporate ASA without issue.As we are retiring our 5505s and moving to Meraki we have issued her a Z...
Well, I was missing something. I had a deny rule above the allow rule. I don't know why I missed that, but I did. The packet tracer still shows "(firewall) Blocked or blacklisted by the firewall preprocessor". but the application does actually wor...
Thank you for the input. I've aske our CCIE consultant for some assistance as well and pointed him to this post. Hopefully he'll find something I've missed.
We are not hairpinning traffic. It really should be as simple as SFTP app runs in VDI desktop in Datacenter -> default gateway is Nexus 9K doing all the routing in the DC -> firepower edge device -> Internet. Then of course the external server repl...
As a followup - We did the port forwarding of port 55555 on the cable modem and then assigned that on the Manual NAT Traslation on the Meraki and it's working. Of note, Comcast would not let us sign up for a static IP, so we do understand that shoul...
