Hi   You can just create a ACL for the other 2 networks as well and call them in class-map to be matched and redirected.   Example config here. https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc12   Hope it helps, Yogesh ... View more

Hi   You can add the SHA value of that to whitelist in your policy. If you believe the file is not malicious at all and should not be marked malicious globally, please open TAC case to request for FP analysis.   Hope it helps, Yogesh ... View more

Hi   You can also enable security intelligence (both URL and IP) and make sure the default blacklist categories are blocked. That also does the trick sometime.   Hope it helps, Yogesh ... View more

Hello There,   The term unknown simply means  firepower does not know the username associated with that IP address. It can happen for multiple reasons but since the feature is working for most of other users, I would start the troubleshooting from user agent itself. User agent is dependent on reading windows logon event 4624 to identify new domain logons and then create user-IP mapping to be forwarded to FMC. >Login to machine which has user agent installed and then navigate to its installation directory. >There will be an application called tools.exe. >Run the app as admin and export current user-IP map from 4th tab. If this mapping does not have the user-mapping for unknown users that you see on FMC, its likely that AD is not generating the logon events for those users and AD ecosystem needs to be checked. If the mapping does have the user-IP mapping but the same does not show up on FMC, then the troubleshooting goes to FMC and can have multiple causes. If the FMC is already on latest release, it could be that when FMC does LDAP query for those usersnames provided by user agent, it does not get sAMAccountName attribute and thus FMC does not recognize it as valid user. If that doesn't solve the problem, then go ahead and open TAC case.   Rate if helps, Yogesh ... View more

Hi There,   The packets transfer from ASA to SFR is done via internal interface which is  controlled by system and cannot be modified. The mgmt interface (shared with ASA physical interface) is only used for external communication and its manager. ASA just needs to be configured with proper service policy and ACL to redirect traffic to SFR. All internal comm is done via control plane and dataplane if you want to capture traffic there.   Hope it helps, Yogesh ... View more

Hi Nandan,   That's right. If you need to use the ASA like you do FTD2100, you would need to reimage the box with a FTD image. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200884-installing-and-upgrading-firepower-threa.html Otherwise you can continue managing ASA with ASDM/CLI and firepower module with FMC.     Hope it helps, Yogesh ... View more

Hi   You can do that using ISE host remediation. You would need to integrate FMC to ISE which would quarantine the host with dacl on switch using policies configured on FMC.   Hope it helps, Yogesh   ... View more

Hi   Yes, you can. the modules installation is independent of ASA failover. You can install the module on both 1 by 1 and then configured the service policy later without having do failover or affecting traffic before the redirection is configured.   Hope it helps. Yogesh   ... View more

Hi Kiran,   This could a confusion in terms of which rule policy is applied on which device. When you click on deploy, it would show all the devices registered to that FMC which has pending deployment ie: any config for that device has been changed.   For example, you have 2 access control policies. 1 ACP is applied to 1 device and another ACP which is targeting 3 devices. Example screenshot below from Policy>access control policies.   If you make change in the first policy which is targeting only 1 device and then save the changes. Click on deploy and FMC would show only 1 device for which config has been changed. Similarly, if you change the second policy which is targeting 3 devices, deploy would show 3 devices in list and not 4. If you make a change which affects both the policies, example intrusion rule update or change in a object which is called in both policies, than FMC would show all the devices in deploy list.   Rate if helps, Yogesh ... View more

Hi There,   Are you sure its the virus which is causing this? Are you able to resolve the website names via your PC CMD? What's the error you get in browser when try to open website. Or does the browser even open?   Hope it helps, Yogesh ... View more