I am using a single global policy on an ASA HA pair acting as an inner Firewall. We have rules broken down into 'sections' for different solutions / systems. One rule allowed inbound DNS from DMZ to Internal DNS servers. This rule was disabled, pendi...
I am trying to establish a base policy on a FirePOWER deployment. I want to introduce ANTI-Spoofing of RFC1918 addresses and all other reserved IP addresses to block anything at the Firewall with such addresses in the source. I understand that revers...
For years CISCO had 'validated designs' to cover 'all' circumstances, but they have avoided this one completely (as far as I can tell). TBH I have been looking for 'proper / serious' recommendations on this from CISCO for some time, and do not think ...
Hi, thanks for your response. I did look at this option, but the text states that it would bypass the policy, which is not what I need. In effect I want to pass the pre-filter, but apply the policy to restrict specific services etc. I have not experime...
Thanks for the response. I would tend to agree about filtering up chain, but that is not an option for me at the moment. I wanted to try out the pre-filter with RFC 1918 and all the other reserved address space before I moved on to the FULL Bogon list....