Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello folks !
We have distributed installation of cisco ise. And we need to somehow control disk space on these nodes.
So the question is - how to purge debug logs and where can we set up rules for logrotate for this logs ? Can we somehow delete all ...
Hello !
We have physical sensors and want to use ssl inspection for users traffic.
When we deploy this function we have (almost on any site) - unknown cipher error.
From SSL workflow we know that cipher suite selected by SERVER HELLO which in our cas...
Hey, folks!
We have physical FP and bunch of network segments in DMZ and lan. We'd like to use FP with virtual switch in inline mode.
We need SSL decryption, AMP, URL and so on. Will it work correctly as on scheme in attachment ?
We want to use seve...
Hello!
There is serious lack of information regarding firepower appliances. For example you can find many things about ASA with SFR, but nothing about physical Firepower appliances.
Thats why i have two questions:Can we replace our proxy with Physica...
Hello! Could someone help me with my issue. Ncs wont start and its failing all the time. In ServerStatus.log i can see something like this: Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with n...
So guys,
I opened case in TAC and got my answer. Traffic flow as follows:
The client hello passes through to the end server. The end server sends
back the server hello with the chosen cipher suite. Then when the
client sends the premaster secret we...
Folks,
any tips ? Task seems be obvious but no luck with configuration. For example, i can see chrome use CHACHA20_POLY1305 for cipher and firepower can do nothing about this. How to prevent this situation ? How to force use firepower supported ciph...
Sure i have it.
Without cert or key you cannot create ssl policy.
We tested several sites and some of them allow ssl inspecton while most of them require not supported cipher suite by firepower.
Hi,
found another question
If we have 8 copper interfaces on FP, i assume its 4 pairs of In/out groups.
We have two traffic points - in DMZ and internal. Can we connect 2 pairs to DMZ and another 2 to internal traffic point ?
Policies will be bound...
