Hi, We have a hierarchical access policy where the parent policy is applied to some firewalls and child policy to others. On the parent policy we have some rules with IPS functionality enabled and all the firewalls associated to the parent policy have...
Hi, I have successfully configured the integration between FMC and ISE to trigger an ANC policy using correlation rules. My objective is to apply an authorization profile into the ANC policy that delivers the "quarantined" SGT. However, using the "Qua...
Hi, We need to replace a virtual ASA in HA (active, stand-by) which is currently in production attached to multiple service graphs, so the process must be as smooth as possible. I was thinking of setting the same IP and MAC address on the new firewall...
Hi, How does SNA classify source and destination IP addresses and ports for flows? I've noticed port 80 as subject port and random high ports as destination, which, for me, is a typical client to server communication but the subject and peer are exch...
Hi, We are leveraging the API to perform bulk uploads of endpoints into hostgroups and we noticed that every time we upload an existing IP in a hostgroup, the IP is removed and recreated again. If the IP does not change, is SNA deleting the historical ...
Hi @balaji.bandi The setup on the link provided uses a very similar approach to mine, with the only difference of applying a DACL instead of an SGT. The issue I'm facing is that, no matter if I select "reauthenticate" or "quarantine" as ANC actions, ...
Hi @Cristian Matei The new firewall is a virtual FTD, so we can consider the same as the existing Cisco ASA. A glitch in the network is expected indeed. I just wanted to ensure that this would be the best approach. Thx,
Hi @David Salter Thanks for your interest in our case. We currently use SNA APIs to programmatically incorporate assets exported from our inventory tool. Below a snippet of the script. Since we are still seeing flows from IPs that no longer exist, we tho...