Hello - can FTD/FMC running snort3 collect >TLS1.2 client hello/server cert metadata collection in connection events for example? I do not want to deploy EVE and SSL decrypt is not an option. I just want to capture server cert metadata, SNI etc. Is t...
I am trying to create a policy that blocks all SSL traffic to/from a particular host. I am using https curl to the host from a test client to prove this. I have tried adding an SSL policy which has the host and test client (both are in src/dst) with ...
Hi - can anyone tell me if/how the local admin password on FTD devices is encrypted? Is there any way to validate this (either way) via the CLI or FMC? Many thanks
Hello all, I have a 2 node (PPAN/SPAN) ISE deployment, used for TACACS+. I am moving to SMART licensing, at the moment I use the smallest perpetual Base license size available (100) and 1 device admin license on each node, the Base which is installed o...
I am looking at uplifting a small (2 node) ISE deployment from 2.6.0 > 3.2.0 (via 2.7.0 as required). Currently the 2.6.0 deployment is running classic licenses - base, VM, and device admin. I understand 3.2.0 requires smart licenses, however the enviro...
How to capture though? Are they displayed in connection events? Server certificate should have SAN/CN/OU in clear at TLS1.2, but not sure if FTD/FMC captures this by default. It may be a snort3 thing, I only have access to snort2 sensors at the momen...
Hmm OK, I don't want it to decrypt any traffic, I just want it to block ALL SSL of any kind, from a specific host - can the FTD not detect encrypted tfc. or the SSL handshake CLIENT HELLO etc. without actually decrypting?
On IOS devices you can see the password encryption type e.g. 5, 7, 9 etc. How is the password encrypted on a FTD device and how can this be demonstrated/viewed? Thanks
Nevermind - I have found it - thanks for your help! In 2.x: Device Administration | Perpetual | TACACS+ | A Base or Mobility license is required to install the Device Administration license. The number of Device Administration licenses must be equal to the n...