I need the SMA to trust an internal CA so I can use secure LDAP for end user quarantine access but I can't find anywhere how to add a trusted CA to the SMA database. Is there a way to do it? ... View more

I'm trying to understand if the desktop client is a must or if I can manage everything through the web GUI. ... View more

I have an FTD currently being managed by a virtual FMC and I'm moving it to a FS4000 appliance. Is there any documentation for the proper steps to move the FMC? I already have the policies and objects created on the new FMC. What happens to the interfaces configuration when it's migrated? Do I need to reconfigure it manually? Thank you ... View more

The link below has a sizing guide that talks about configuring multiple reporting servers and load balancing servers but the documentation has no information on how to configure multiple servers with specific roles (indexer, forwarder, etc). Is there any documentation on how to design and install the AWSR with multiple servers? If the estimated requirements for indexed data volume exceed 100 K/Users (estimate: 100 GB/day,) the server infrastructure should be adjusted. • By adding another Advanced Web Security Reporting instance and adjusting the configuration, the new infrastructure would offer an increase in aggregate indexing and search performance (once the data is load-balanced), and an increase in storage and retention capacity. • A dedicated forwarder server would also be added to the infrastructure and configured to monitor the WSA log files and forward the log data across multiple indexers using load balancing. • To facilitate the implementation and configuration of an environment that exceeds 100K users, it is recommended that you engage Professional Services. http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/Advanced_Reporting/WSA_Advanced_Reporting_6/Advanced_Reporting_release_notes_6x.pdf ... View more

I'm deploying a cluster with 2 ESAs that will be behind a Netscaler loadbalancer to balance connections from internal users for outbound emails. The internal users won't perform MX or any other DNS lookup. They need a single SMTP relay to connect. Since there are a lot of internal hosts connecting a loadbalancer will be used to provide redundancy and load balancing. The internal hosts will be forced to use TLS to talk to the ESAs for authentication. Is there any special consideration fr the ESA configuration or the load balancer configuration to function properly with SMTP and SMTP over TLS? Thank you! ... View more

Hi, I have an ASA5516-X with FirePOWER module. The ASA is running version 9.6(1). The module is running 6.1.0-330. There is only one ACP rule inspecting all traffic using an Intrusion Policy that was tuned by FireSight recommendations. After experiencing Network Delay it was verified that SNORT was reaching 100% CPU utilization so the Policy-map was configured on the ASA to stop sending traffic to the FP module. After removing the traffic from FP the network went back to normal, but Snort is still spiking to 100% CPU. This happened twice already. First with the 6.1.0 version, and now with 6.1.0-330. The traffic is around 150Mb and Snort CPU is getting busy with no traffic. This tells me it's not just traffic overload that's causing it. Any suggestions? Thank you, ... View more