About Jack G

Jack G · 08-25-2023

I'm interested in deploying Easy Connect via ISE-PIC Essentials. Seems pretty simple from a wired perspective, but does it work with wireless? We use Aironet's with one acting as a WLC. Switches are catalysts.

Jack G · 08-21-2023

I configured RAVPN with SAML authentication. I'm using external browser and Azure/Entra for the identity provider. From an Azure/Entra joined computer, I tried to use "Start VPN when Cisco Secure Client is started", but I'm being prompted for usernam...

Jack G · 04-13-2023

Per the documentation, what can be local certificate be used for? Can it be used to ensure the machine connecting to the VPN is a member of the domain or is there a better way to go about that? Don't have an ISE deployment. I can't seem to find addit...

Jack G · 06-01-2022

How does a connection from an internet device reach the firewall's outside interface with a connection to a private IP? It's blocked, but still concerning some since I don't have a static NAT for this device, etc.

Jack G · 04-19-2022

Merged with another company. Looking to bring their servers to our data center. Will we run into issues with multiple realms since there’s two different AD forrest? Plan is to use additional interfaces for their own inside and outside zone to separat...

Jack G · 08-31-2023

Yes, ECMP and path monitoring does appear to be the way to go. Wondering what's left before an FTD can be considered "SD-WAN"

Jack G · 08-31-2023

So, if one has two default routes (one for each ISP) with the same Metric field value of 1, the firewall won't attempt to load balance at all? I'm not sure how the firewall determines which default route to use if both are 1.

Jack G · 08-25-2023

Thank you very much, I'll look into conditional access settings, etc.

Jack G · 04-13-2023

Understood, but they already use username and password for primary authentication as well as Duo MFA for secondary. Can posture be used to check and ensure the machine certificate was used by the domain before it allows the connection?

Jack G · 03-13-2023

Bomgar works with FTD 7.3 and TLS Server Identity Discovery enabled. Oddly, FTD 7.2.3 (recently released), Bomgar still doesn't work with TLS Server Identity Discovery enabled. The other odd thing with 7.3 though, I've had issues with remote FTD regi...

Member Since	‎08-31-2010 09:38 AM
Date Last Visited	‎09-06-2023 12:27 AM
Posts	72
Total Helpful Votes Received	20

User Statistics

User Activity

Does Easy Connect support wireless?

"Start VPN when Cisco Secure Client is started" and SAML

Secure Client/AnyConnect posture, local certificate option?

How does this connection attempt to reach internal device?

Share one FTD between two companies in different AD forests?

Re: FTD Dual ISP Loadbalancing

Re: FTD Dual ISP Loadbalancing

Re: "Start VPN when Cisco Secure Client is started" and SAML

Re: Secure Client/AnyConnect posture, local certificate option?

Re: TLS Server Identity Discovery Causing Possible Issues