About Marvin Rhoads

Marvin Rhoads · ‎04-01-2020

Like @Cristian Matei said, VPN load balancing is the most common method for appliances with ASA image. (It's not supported on FTD image.) Another method is round robin DNS. If you have a load balancer or "application delivery controller (ADC)" like Citrix Netscaler or F5 BigIP you may be able to put your ASAs behind it and to load balancing on the ADC. Also, depending on your deployment, Optimal Gateway Selection (OGS) is a potential option. That one is usually for organizations with their ASAs spread out in different locations geographically.

Marvin Rhoads · ‎04-01-2020

You have to configure and use the diagnostic interface to access LINA via SNMP as of 6.5.0.4. Stay tuned for changes in 6.6 in this regard.

Marvin Rhoads · ‎04-01-2020

In this context, "connections" means tcp connections. The ASA is a stateful firewall and keeps track of every active connection through it in order to allow the return traffic. More detail on connections can be found here: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113602-ptn-113602.html

Marvin Rhoads · ‎04-01-2020

I've seen some scanning tools report these as false positive. I never did quite figure out why.

Marvin Rhoads · ‎04-01-2020

Partners (like myself) use Cisco's ordering tool and associated ordering guides and partner training materials to know the correct SKUs to quote and order. Cisco doesn't sell direct to the general public, so you should be working with a partner in any case.

Marvin Rhoads · ‎04-01-2020

If they are console messages (not CIMC GUI), then to direct console messages to the physical serial port: sudo /usr/local/sf/bin/configure_console.sh serial The management interface should then behave normally. If it's actually the CIMC GUI then I am at a loss on that one. I'd open a TAC case if that is what you are seeing..

Marvin Rhoads · ‎04-01-2020

I'm not positive but it is the only thing I could think would change it without you having done it yourself. You could open a TAC case to confirm.

Marvin Rhoads · ‎03-31-2020

I'm not sure what you mean by "How can I verify this SKU..." If you purchase you will get a license that you can then install on your ISE-PIC server. The basic license (R-ISE=PIC=VM-K9=) does indeed cover 3000 active sessions.

Marvin Rhoads · ‎03-31-2020

From this line: snmp-server host inside 172.19.160.21 ...we are expecting the SolarWinds server queries to arrive on the inside interface. Is the server on a VPN tht connects via the outside interface? If so, you need to allow management access to the inside interface with the command: management access inside ? https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_management.html#30377

Marvin Rhoads · ‎03-31-2020

I've found it to be pretty stable and useful. But I have the advantage of being in a beta program and thus have the ear of the beta manager who has access to the developers for the harder questions. Are you unable to onboard any devices?

Marvin Rhoads · ‎03-31-2020

What type of device are you trying to manage? Can you share a topology drawing?

Marvin Rhoads · ‎03-31-2020

There should not be a CIMC GUI on the FMC 1000. https://www.cisco.com/c/en/us/td/docs/security/firepower/1000_2500_4500/hw/guide/b_install_guide_1000_2500_4500/b_FMC_M4_HIG_chapter_00.html#id_38543 Could somebody have changed it to redirect the shell output to the management interface? https://www.cisco.com/c/en/us/td/docs/security/firepower/hw/getting-started/fmc-1000-2500-4500/fmc-1000-2500-4500-gsg/set_up_alternate_firepower_management_center_access.html#id_80704

Marvin Rhoads · ‎03-31-2020

There's not currently any Cisco tool or procedure for moving a device configuration from FDM-managed to FMC-managed. Have you looked into CDO? It can manage multiple FTD devices via their public interface if you use token-based onboarding (6.4 or later) - everything is encrypted in transit via TLS 1.2 as well as at rest. You also get the advantage of object sharing, comparing for inconsistencies, etc.

Marvin Rhoads · ‎03-31-2020

Since the Firepower is identifying it as an intrusion event it should already be blocking the destination IP address. To ascertain what might be causing it on the endpoint can be a bit more difficult. If whatever endpoint protection is not already catching it, a deeper investigation may be required. I would typically use something like SysInternals tcpview utility in Windows to determine what process (if it's not the browser) is making the connections to the address shown in the event.

Marvin Rhoads · ‎03-31-2020

@Kevin Klous you're welcome. I did see the two latest episodes appear in my Apple Podcasts app earlier today.

Marvin Rhoads · 02-17-2019

Thanks for hosting a lovely dinner Monica and Denise. It was great to meet so many fellow VIPs and s...

Marvin Rhoads · 01-18-2019

My most sincere congratulations. Welcome Peter to the Hall of Fame.

Marvin Rhoads · 09-08-2018

@Arne Bier the 2.4 Patch 3 release notes don't mention fixing that bug. https://www.cisco.com/c/en/u...

Marvin Rhoads · 09-06-2018

@iseman-18 it's a bit too soon to tell after only 24 hours or so. I can confirm that it installed fi...

Marvin Rhoads · 08-30-2018

Patch installation should not require a hotfix rollback. Generally the Patch should include hotfixes...

Marvin Rhoads · 08-30-2018

I applied the Struts v2 hotfix and it works fine. Unless you really need that fix, I'd wait until it...

Marvin Rhoads · 08-03-2018

Thanks for the update Hsing-Tsu - I see the new file is posted. I think I'll wait a week or so to tr...

Marvin Rhoads · 08-02-2018

@Istvan Matyasovszki Friday 3 August is the latest projection. It could be late in the day San Jose ...

Marvin Rhoads · 07-31-2018

@Istvan Matyasovszki I've been told to expect it in the coming few days. I'm sure Cisco will want to...

Marvin Rhoads · 07-29-2018

CSCvk57963 was filed as a result of a case I was working with TAC. Basically the installation fails ...

Marvin Rhoads · 01-27-2018

Thank you Monica and the rest of the Cisco Support Community Team. We appreciate your continued supp...

Marvin Rhoads · 09-19-2017

@andrew333. Thank you.

Marvin Rhoads · 09-16-2017

@Mark Malone, Thanks Mark.

Marvin Rhoads · 09-12-2017

@Becky Scott, Yes - I would expect it to spell check incrementally just as it does in most other web...

Marvin Rhoads · 09-11-2017

@Becky Scott, I am using Chrome Version 61.0.3163.79 (Official Build) (64-bit) on Windows 10 Pro. I ...

Date Registered	‎06-28-2001 03:55 PM
Date Last Visited	‎04-01-2020 07:45 PM
Total Messages Posted	17,188
Total Helpful Votes Received	17268

Re: Cisco Fpr2130-Asa-k9 cluster for VP...

Re: Firepower FPR2110 SNMP Access to LI...

Re: What does connection status mean in...

Re: ASA ports 2000 and 5060 open to out...

Re: ISE PIC License

Re: Cisco FMC 1000 management interface...

Re: IPS email notification

Re: ISE PIC License

Re: SNMP v3 not working on solarwinds

Re: From FDM to FMC Conversion

Re: SNMP v3 not working on solarwinds

Re: Cisco FMC 1000 management interface...

Re: From FDM to FMC Conversion

Re: MALWARE-CNC User-Agent known malici...

Re: Episode 57 - Maximizing AnyConnect ...

Re: Cisco Designated VIP and Hall of Fame Appreciation Dinner at Cisco Live Barcelona 2019

Re: Congratulations Peter Paluch: Our Newest Hall of Fame Member

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: ISE 2.4 Patch 2 Release Now Available

Re: Cisco Support Community Designated VIP Class of 2018 Announcement

Re: Congratulations Marvin Rhoads: Our Newest Hall of Fame Member

Re: Congratulations Marvin Rhoads: Our Newest Hall of Fame Member

Re: Known issues post-launch

Re: Known issues post-launch