About Da ICS16

Da ICS16 · 05-15-2025

Dear Team, We are looking the stable FTD version can upgrade to fixed the vulnerability and ensure it cover suck of attack like VPN brute force...and prevent AD Account locked out even attacker known the legit AD user. Kindly share commend / good pra...

Da ICS16 · 04-25-2025

Dear Community, We explore the solution to mitigate VPN brute force attack in Cisco FTD. AD users always locked out when under targeting potential VPN brute force attacks so it leads to AD account locked out and impact to legit users (internal user...

Da ICS16 · 01-21-2025

Dear Cisco Community, We use ISE version 3.x both using LAN dot1x and VPN tunnel. ISE integration with AD for Authentication. When user connect to VPN ( Cisco Secure Client ). It required to check AD user credential, PC certificate and OTP. It also c...

Da ICS16 · 10-15-2024

Dear Cisco Community,We use ISE version 3.x with around 3K licenses.We have kind of MAB device and PC so on ( Essential, Premier, Advantage ).In case we use over current 3K licenses. What is occur?Are there those devices become Noncompliance or else?...

Da ICS16 · 09-25-2024

Dear Cisco Community, Current in my lab using ISE 3.x with SC 5.x only check Anti-Malware (CS)installed. I plan to config more posture check by enable CS check both (installed and Running). Can you share good practice and how to config it? Thanks for...

Da ICS16 · 05-19-2025

Hello @Rob Ingram Cisco TAC is also recommended to upgrade to the current cisco golden star version. Did you tested and resolve the case from vpn bruteforce? thanks,

Da ICS16 · 05-19-2025

Hello @Marvin Rhoads Thanks for commend. it is the workaround solution? Could you share doc/url me to review?Best Regards,

Da ICS16 · 05-15-2025

Hello @Rob Ingram Thanks for helpful commend.

Da ICS16 · 05-08-2025

Hello @ahollifield You mean to implementation certificate-based as first authentication on FTD and set expired date? Even external user / non-domain devices try to use this certificate but cannot promised and failed authentication stage? And not lea...

Da ICS16 · 05-07-2025

Hello @Marius Gunnerud ,Yes we use ISE for Auth.C & Auth.Z and Accounting rely on NGFW.Could you share the URL of configure MFA with certificate authentication?Thanks,

Member Since	‎11-20-2023 01:12 AM
Date Last Visited	‎05-20-2025 06:07 PM
Posts	99
Total Helpful Votes Received	4

User Statistics

User Activity

Stable FTD released version and fixed brute force attack

Look solution to mitigate VPN bruteforce attack

Replace certificate with VPN

ISE Licensing

Anti-Malware Application condition CS

Re: Stable FTD released version and fixed brute force attack

Re: Stable FTD released version and fixed brute force attack

Re: Stable FTD released version and fixed brute force attack

Re: Prevent Active Directory account lockout in Cisco ISE

Re: It is posible to stop Brute Force attacks in Firepower Theat Defen