Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello Community,I have Active Directory successfully integrated with FMC.My goal is to apply a Dynamic Access Policy (DAP) to my FTD, where the DAP should match a specific Active Directory group and apply a corresponding access policy (for example, A...
Hi,I’m trying to secure SNMP access on a Cisco ISR router (ISR4331) using CoPP and extended ACLs from external public IP's, but only allowing specific whitelist range.As I notice some vulnerability with regular ACL applied on SNMP, I’ve applied the f...
I have a template generator built in PHP, VTL, and I have also tested Jinja. This setup works well for generating Cisco CLI templates offline with the exact configuration structure I need, doing this since years..Currently, I apply these configuratio...
Hello Team,I recently implemented an FTD Firewall managed by FMC, primarily using it as a VPN concentrator for internal subnet access.Here’s my current configuration:I created two connection profiles, each assigned to a specific Group Policy.Under th...
Hello, I was using ultraconfig website to generate my templates CLI based on JINJA of the router but I just wanted to move to different ways like NSO/Ansible to improve automation of it and maybe someday full orchestrate. I started using NSO and make...
Dear @malcolmsalmons ,For your requirement, and your situation, I recommend you use Traffic Engineering with an Explicit Path, so the PW is forced to stay on the primary link and does not reroute. Just make sure RSVP is enabled across the core.I also...
Hello @ez9 , I had this issue in the past and also tried using EEM scripting, but it had some limitations if some interlink goes down.The most reliable and way I found with ASR9k by using Ethernet CFM (MEPs + CCMs + AIS) together with propagate remot...
