Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am looking for a way to filter out all SSL Downgrade attempts for traffic passing through my FWSMs and/or ASAs. This traffic (the request to downgrade to a weaker cipher) is sent in the clear so this should be filterable by a FW somehow. I found th...
I need to rate limit UDP traffic on a port without affecting other traffic. Would the below work or would this drop all other non-UDP traffic? I could just change the ACL to IP ANY ANY but I would prefer to limit just UDP traffic. mls qosaccess-list...
Hi,I have the need to NAT between IPv6 and v4. I have a a situation where IPv6 Clients will be connecting to our IPv4 only Servers however, the servers use Multicast (SSM Multicast) as well as Unicast. The Clients will connect to the Servers in tradi...
Hello, I have a Cat6509 that I am building. It has a Sup720 (WS-SUP720-3BXL) in slot 6 that I want to boot from (with IOS 12.2)Apparently the bootflash has CatOS on it. Please see Show Ver below. The PCMCIA card I want to boot from has IOS on it ...
Hello, I have a Cat 6509 with a Sup720 card in it. I have two PCMCIA cards. One is running in the switch already (disk0) and the other is blank but formatted (disk1).All I want to do is copy all of disk0 over to disk1. An exact copy of disk0 to dis...
Official word from TAC is that this must be done with an IPS. This can not be done on an ASA/FWSM without one. I had hoped to use some inspect rules or the like but I guess not :-/.
Hi KanwalIs this applicable to traffic flowing through the FW or destined to it?I'm not concerned about traffic destined to the FW, I need to filter out this traffic flowing between hosts connected to the FW. Thank youSR
I found a similar discussion on Sonicwall that include some packet capture info but I can't tell yet what I can filter on. I'm told that in the client hello an export cipher (weaker cipher) is where the downgrade request is sent to the server. https:...
