About jeromecandiff

jeromecandiff · 05-24-2010

We currently receive syslogs (informational) for all connections but have recently deployed an auditing tool that requires that each ACL also be set to log. Is there a way to globally set all ACLs to log?

jeromecandiff · 06-22-2009

%PIX-1-104001: (Secondary) Switching to ACTIVE - Set by the config command.Prior to that, there is no indication of any issues. I initially believed that is the result of a manual failover but there was no evidence that anyone logged in.Any assistanc...

jeromecandiff · 05-24-2010

Thank you for the reply. The issue that we are having is that we currently manage hundreds of ASA's , each with hundreds of ACE's perACL. Is there a way to globally set each ACE to log without redoing every single ACL?

jeromecandiff · 10-14-2009

Working for an MSS, most of our clients that implement this do not route anything but DMZ traffic on the DMZ. Additionally, if there is more than one point of presence on the DMZ, using non dmz addresses may cause DMZ routers to send responses asynch...

jeromecandiff · 10-14-2009

Any chance your security levels are non-standard? Is nat-control turned on? A show nameif and the corresponding route statements for the LAN and VPN may help.

jeromecandiff · 10-14-2009

In 8.x you have the ability to disable certain aces.

jeromecandiff · 09-30-2009

What does the show fail command show about the standby firewall?Is this a LAN based failover?Make sure that you see traffic from the other firewall on the sync interface (dont look at interface stats, do a capture).

Member Since	‎02-03-2009 03:02 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	14

User Statistics

User Activity

Globally setting all ACLS to log

Troubleshooting the cause of a failover and I get the following:

Re: Globally setting all ACLS to log

Re: Reasons to NAT Inside to DMZ (or DMZ to Inside) ?

Re: No Translation Group Found

Re: temporarily disable rules?

Re: ASA switching over from Active to stanby