We would like to connect an ASA 5585X Firepower hardware module to a switch span port to discover current live traffic on the production network. However there is no traffic being captured using a service-policy. The documentation I can find is about co...
Is Firesight management center capable of configuring normal ASA firewall rules on an ASA5585X with Firepower module? That means I no longer need to use ASDM to configure normal firewall rules.
We are trying to configure ISE to authenticate wifi user through WLC using MAC address. ISE checks against internal endpoint identity store for authorized MAC address. We found that the first time a wifi device tries to connect (this MAC address has no...
We are going to change IP address on 1121 (ACS 5.3) and 3415 (ACS 5.5) appliances. Do we need to renew the server certificates on them? These certificates are issued by an external CA and are used for EAP-TLS client authentication.
I understand that there is a migration tool that can help upgrade ACS 4.2 on Windows platform to 5.5 appliance. However, it does not support certificate migration. Customer is using client certificate for wireless client authentication. Does that mean ...
Thanks for the comment. I will give it a try.
In the document I quoted at the very beginning, it says that to configure passive mode, we should use in a service policy map
sfr fail-open monitor-only
What is the purpose of this command?
Thanks for your response Marvin. However I think the information you provided is for FirePOWER software module. There is no such command "traffic-forward sfr monitor-only" on any ASA 5585X interface, which runs 9.2.3.4. Regarding the transparent mode...
Yes we figured out a way to prevent the unwanted mac address from passing the authorization rule. But what is the point of letting such unwanted mac address to pass the authentication rule in the first place? Why don't we just stop it in the authentic...
Boris, I got the exact same issue as yours, except that we are using MAB for wireless clients and we are on version 1.3. The action for "if user not found" is already "Reject", but the wireless client's mac address is still automatically placed into ...