Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi
I have a group of dynamic objects defined by FQDN in mulitple ASA 5506/8-X.
Somehow after ugrading ASA software from version 9.6(1) to anything later, the DNS resolver fails.
Same config, nothing changed.
My remote sites are doing IKEv2 site-to-si...
I have some 5508X HA setups in PoCs, and I recently realized that I can't manage the standby device via ASDM, through an active IPSEC tunnel.That's an ASA classic issue, but it is a challenge for my ability to manual(huh) synchronize the Firepower co...
Hello
Is it possible in the above setup, to let Server A in site A send a directed broadcast to vlan 20 subnet in site B ?
What is the configuration needed to let this happen?
I've tried to enable the ip directed-broadcast command on all the L3 int...
Hi there,When FirePOWER is blocking SSL/TLS sites it would be preferable to see a response page, like with the HTTP pages.Is that possible? I guess it is with the enabling of SSL inspection?Any good guidance? Kind regardsThomas Winther
I have a few Access Rules where I want to apply a file policy for hits on specific applications.When I try that, I get the following Rule Warning:"File policy rule targeting application protocol "Any" may never be triggered due to Application selecti...
OK, for the configuration synchronization i need FMC.
But.., my setup is still ASA HA remote units, and I'm unable to manage the standby device via the IPSEC tunnel from HQ. So would FMC be I think?
Do you know how the standby unit can be managed beh...
So a stand-alone ASA-X could, in "traffic-forward sfr monitor-only"-mode, provide the visibility for Users/applications/traffic rates/URLs, that we do not get from the classic ASA?
Can the Firepower module forward all that info by Syslog to my extern...
you have established that the directed broadcast is propagated onto vlan 20
I'm not sure...I'm not able to capture any broadcasts in Server B, when pinging or probing the Site B directed broadcast address from server A.
Server A is getting sporadic...
The vlan20-SVI has all 1's in broadcast address(default):
sh ip int vlan20Vlan20 is up, line protocol is up Internet address is 192.168.20.240/24 Broadcast address is 255.255.255.255...
Should I set this to 192.168.20.255 ?
From Server A, can you ping Switch B's VLAN20-SVI and Server B's IP address as well?
Yes I can ping Switch B's vlan20-SVI from Server A with success. And Server B's IP as well.
And from Switch B, does Server B reply when you ping 192.168.20.255?
...
