Hi   You can just create a ACL for the other 2 networks as well and call them in class-map to be matched and redirected.   Example config here. https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc12   Hope it helps, Yogesh ... View more

Hi   You can add the SHA value of that to whitelist in your policy. If you believe the file is not malicious at all and should not be marked malicious globally, please open TAC case to request for FP analysis.   Hope it helps, Yogesh ... View more

Hi   You can also enable security intelligence (both URL and IP) and make sure the default blacklist categories are blocked. That also does the trick sometime.   Hope it helps, Yogesh ... View more

Hello There,   The term unknown simply means  firepower does not know the username associated with that IP address. It can happen for multiple reasons but since the feature is working for most of other users, I would start the troubleshooting from user agent itself. User agent is dependent on reading windows logon event 4624 to identify new domain logons and then create user-IP mapping to be forwarded to FMC. >Login to machine which has user agent installed and then navigate to its installation directory. >There will be an application called tools.exe. >Run the app as admin and export current user-IP map from 4th tab. If this mapping does not have the user-mapping for unknown users that you see on FMC, its likely that AD is not generating the logon events for those users and AD ecosystem needs to be checked. If the mapping does have the user-IP mapping but the same does not show up on FMC, then the troubleshooting goes to FMC and can have multiple causes. If the FMC is already on latest release, it could be that when FMC does LDAP query for those usersnames provided by user agent, it does not get sAMAccountName attribute and thus FMC does not recognize it as valid user. If that doesn't solve the problem, then go ahead and open TAC case.   Rate if helps, Yogesh ... View more

Hi You can run following >sudo manage_HADC.pl  This default script contains most of the HA operations which can be done. I would suggest to do any kind of HA operation from GUI only to avoid any misconfig or error. But in case GUI isn't accessible, this comes in handy.   Rate if helps, yogesh ... View more

Hi   It can be done in 1 shot for most of the devices. As FMC would simultaneously push the upgrade to all devices and then do upgrade. Just make sure that the FMC has enough bandwidth to push all of the files to all the sensors together.   Hope it helps, Yogesh ... View more

Hi   I am assuming you have blocked the geo blocking on firepower module on ASA. Then the behavior is expected and outside world would be able to ping ASA outside interface as that connection would not be passed on to SFR.   Hope it helps, yogesh ... View more