Recently migrated from snort 2 to snort 3 and looking for best practice to maintain and review IPS policy. For example, in new snort 3 policy I no longer have the POLICY LAYER where I would go to view any NEW or MODIFIED rules from previous update. H...
Hello, Recent upgrade to new FTD 7.x and with that snort 2 to snort 3. I noticed that there are over 100 rules that have not been migrated. The message I'm seeing is: Rule Overrides Rules migration skipped for 100 rule/s with missing Snort2-Snort3 rul...
The Setup: Cisco ISE 3.x, Cisco wired switch 3850. I have a port that is configured with default VLAN X and this VLAN X is also set up to get DHCP IP from 3rd party DHCP server. This switch/port is also configured for wired Dot1x. I have a MAB policy o...
Existing: HA pair active/standby ASA 5585-SP20 running version 9.12 with VPN Premium License. Want: Enabling the "anyconnect mobile" feature on existing ASAs VPN utilizing new APEX license and keeping all other existing licensing in place. Existing L...
Standalone Windows 10 laptop using native supplicant and ISE 2.2. Setting up machine type eap-tls authentication for windows. How can you get rid of the "host/" that is prepended to the identity when trying to authenticate with ISE? Where is that "Ho...
How about going the 'macro' way? Possibly due a macro on switch that is triggered by ISE authorization profile? Something to this effect: https://community.cisco.com/t5/network-access-control/solution-for-change-of-vlan-for-wired-guests-using-smart-po...
Hi Marvin - thanks for your reply and feedback. The 10G interfaces - the new license has 10G I/O Plus. I'm wondering if this is same (can't find why/what the "plus" means vs just 10GE I/O. Existing ASAs have 10G I/O enabled and license for them. One ...
Thanks for your response - BUT now you're mixing UDP with TCP. For example: design document calls for the VIP on the F5 for RADIUS to be configured as UDP protocol. I'm afraid that TACACS traffic will then have issues. With that said - let me ADD to ...
Awesome - and very last thing as I do not see it referenced in Always-ON solution. Does the Always-ON / autoconnect solution affect ISE Posture and its compliance/posture module at all? Or business as usual, AnyConnect starts using user SSL cert and...