We currently receive syslogs (informational) for all connections but have recently deployed an auditing tool that requires that each ACL also be set to log. Is there a way to globally set all ACLs to log?
%PIX-1-104001: (Secondary) Switching to ACTIVE - Set by the config command. Prior to that, there is no indication of any issues. I initially believed that is the result of a manual failover but there was no evidence that anyone logged in. Any assistanc...
Thank you for the reply. The issue that we are having is that we currently manage hundreds of ASAs, each with hundreds of ACEs per ACL. Is there a way to globally set each ACE to log without redoing every single ACL?
Working for an MSS, most of our clients that implement this do not route anything but DMZ traffic on the DMZ. Additionally, if there is more than one point of presence on the DMZ, using non-DMZ addresses may cause DMZ routers to send responses asynch...
Any chance your security levels are non-standard? Is nat-control turned on? A show nameif and the corresponding route statements for the LAN and VPN may help.
What does the show fail command show about the standby firewall? Is this a LAN-based failover? Make sure that you see traffic from the other firewall on the sync interface (don't look at interface stats, do a capture).