Customer produce FMC v.6.4.0.7. There are 2 devices connected - first - HA bundle of 2 FPR2130 (FTD) - License: Base, Threat, AC Plus second - ASA5515 (FTD image) - License Base The FMC reported error URL Filtering Monitor - URL Filtering Download Failure As there is no URL license used - I checked several other discussion and tried to turn on and off the URL Filtering license (on both deviceses) The alarm had gone, but after few days the alarm is back again. Can somebody advice how to solve this? (Some other way then turn off the alarm in Health Policy)   Regards   Pavel ... View more

Customer provides campus network with full DOT1x deployment with ISE 2.2 servers and he found several occurrences of quite weird behavior. In RADIUS live log (or report) we found log of successful end-user login, but the logged identity (username) not exist in any identity source. When we checked the details we found it was authenticated against Active Directory but at the beginning the identity - lets say John - was used 2 times - 2 times login was denied but it continued in the same RADIUS session with different identity (different resolved identity) with the user identity (for example Lennon@campus.org) - this time the login was successful and the user has ben allowed to connect. I can see the right login username in field "AD-User-Resolved-Identities" but this is the only place I can find the real identity used for authentication. The RADIUS username field stayd the same as it was setup at the beginning and the same username is logged to CIEM too (John in our example). Customer has then problem with identifying such users when he search it in his CIEM database   Does anybody met such behavior - is there any way how to disable this? It could be enough to separate it to different RADIUS sessions - first 2 denied with nonexistent user identity and 3 rd try with proper username authenticated and logged with the real username used for authentication.   I checked rules in AD identity resolution - there is nothing set and I did not find any way how to use it in our case.   Thank you for any help Regards Pavel ... View more

I need to run REST API on ASA (to be able to cooperate with script for lets encrypt certificate)  - no problem with downloading the image and enabling it. Even with functions of the REST API self have no problems.  I encounter problems with running firepoware services on the same box. First I was unable to install firepower services - I tried it several times. Then I realized it was due to REST API enabled.  I had problems with uploading image to ASA flash - I was unable to format it - it called the disk is used by some other application - again the issue disappear once a disabled the REST API. Last time when REST API was enabled for aprox 2 weeks I realized I cannot connect to firepower services - It lost configuration for connection to Firepower Management Center - when I setup it again, it calls another error it cannot establish the tunnel - so the whole configuration of the firepower services was somehow corrupted. I had to reimage the firepower services from scratch. It seems to me the REST API somehow impacts access to local flash and this caused the issues I encounter. Has anybody else similar problems with running ASA REST API? ... View more