Hi Guys, I am planning to run 3 Firepowers in clustering mode, but I am not sure if they can run VPN site to site and VPN remote access. If they can, do they need any specific license?
Hi Team, I would like to know if there is a way to change the FCM syslog port. In the web interface there is no option available. Is there a way to change it via CLI?
Hi Experts, I am configuring an ISA 3000 in transparent mode using subinterfaces. I created a BVI1 and assigned the bridge-group 1 to the subinterfaces using separate VLANs. But I am not able to send traffic into the same BVI, firewall shows the follow...
Hi Fellas, I have a question regarding how the ASA with IPS module or Firepower with intrusion policy is able to check VPN traffic. The traffic is coming from a L2L tunnel and does a U-turn pointing to a VTI, so the traffic never passes through the devic...
I upgraded the devices yesterday, also the FMC to 7.2.9. The error message persists. I cleared the tunnel in both phases. I checked the queries in the FMC expert mode and deleted the critical alert, but less than a minute later it reappeared. OmniQuery.pl -...
Hi, I am currently using FTDs 1120 running code 7.2.7. Tonight I will upgrade to 7.2.9, and that error message has been continuous for some time, but the VPN is working fine. I will let you know what happens after the upgrade.
Hi, it was an issue on the layer 2 switch behind the firewall. I assigned the mode access ports but I did not create the vlan xx, so the interfaces did not know how to tag it. I noticed it when I checked the show vlan.
So just let me confirm, if I disable the sysopt connection permit-vpn I will be forced to set ACLs or ACPs to allow the VPN traffic, so in that way I could enable the intrusion policy for those specific lines to be checked. I will try to test it and let...
I have exactly the same issue now. The AnyConnect users are able to watch all the aliases available and the FMC/FTD is not able to limit like the ASA did with the group-lock value. Is it necessary to do it on the ISE only?