Bit of a long one. Hopefully someone can provide some clarification; I am trying to get my head around how rules are matched in ACP. (I want to understand it for this scenario.)
We have 2 FTD rules in our ACP.
Rule 1 : Allow source 10.0.0.1 towards...
There might be an obvious answer to this.
My understanding is that, when you create an L7 ACP entry on Firepower, a few packets are sent through the DAQ engine to identify the app so it can evaluate the L7 ACL. Then based on the L7 evaluation it's allowed or b...
We've just set up 3105s in HA with an FMC.
When we fail over the FW and check the route table, we can't see our default route on it. It takes over 20 seconds for the static route to be populated in the routing table.
The outside interface is up and con...
We used the migration tool to migrate our ASA config to FTD, and auto-assigned the zones and interface groups.
When we try and create a new ACP rule, we're not seeing the zones or any of the objects that were migrated over. We can see all the objects...
This is a very strange one. Our SSL inspection suddenly started to fail across our (ASA+SFR) environment.
- We deployed SSL inspection about 2 years ago, and had no issues till now.
The symptoms we're seeing are:
- Under the events: SSL Flow error: ...
As Marius mentioned:
If you want to allow username/AD group based access (on ACP) you need to integrate with Cisco ISE via PXgrid to get IP to username matches. (Your ISE environment needs to be integrated with AD via passive identity.)
you could poss...
Cheers, thanks for clarifying it.
Thanks, we've just moved over from ASAs with SFR to full FTDs, thus making sure we understand the packet flow. Also it doesn't help when SNORT/DAQ/IPS get used to describe the same process (sometimes).