Activity in Security
VPN with Alias on FTD
Currently we have an ASA and use Secure Client 5.1.8.105 and two profiles using Alia that authenticate via 2FA. To get the correct profile, split tunnel or full tunnel a use tacks the alias on to the URL and then connects, authenticates full 2FA and ...
Changing timezone from EST to UTC in ISE 3.3 patch-4
Hi guys,I have a five nodes cluster ISE 3.3 patch-4:Node 1: PAN & Primary MNTNode 2: SAN & Secondary MNTNode 3, 4, 5: PSNThese servers were built before I work here, and the engineer before me used EST time zone instead of UTC as recommended by Ci...
FTD migration
I’m currently working with an FTD 2110 firewall running version 7.0.6, which is managed by an FMC 2500 also on version 7.0.6.2. I've been tasked with migrating the FTD to a different FMC.I came across this document outlining the migration process.- h...
Resolved! Windows PC's using MAB instead of dot1x spontaneously
Hi All Having a weird spontaneous issue on some WIndows PC's that are setup for 802.1x. After a complete bootup, ISE logs show that the PC is doing MAB authentication and are failing as expected. If I unplug the network cable and reconnect, then th...
Need Help with Cisco Firepower 1120
Problem: Firewall shows it is connected to the Internet, it can sees the gateway. But, we not getting any data through. What We've Tried:Set up static and dynamic NATs, both before and after Auto NAT rules.Used various zone objects and policies (netw...
Cisco ASA 5525 Migration to FPR-1140
Hello,We have a pair of Cisco ASA 5525-X and would like to migrate them to Cisco FPR-1140's.I started the migration and ended up at this screen: My intention was to set up a virtual FMC but I am not sure what version would satisfy my ASA units.Furthe...
Cisco Duo: Learn about Two-factor authentication playlist
Duo Security, now part of Cisco, offers custom branding options to enhance your user authentication experience. This feature allows organizations to align the Duo interface with their brand identity, ensuring a seamless and trustworthy user experienc...
Resolved! IKEv2 - CVE-2025-20182 - Denial of Service Vulnerability
Is it me or are nothing released regarding CVE-2025-20182https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2Looked for something to patch 7.4.2 with.
Resolved! FTD 7.4.2.2-28 Site to Site VPN Flow is denied by configured rule
After an upgrade from FTD 7.4.2.1-30 to 7.4.2.2-28 a Site to Site VPN stopped working.This is a packet trace, external 194.13.185.2 , Internal 192.168.20.23It is strange, because all phases have result "ALLOW".Except for the final punch line: Flow...
IPSec DVTI /SVTI issue
Hello,We're in the process of setting up a HUB-and-SPOKE topology using IPsec VTIs.The HUB router is configured with DVTI, and the SPOKE router uses SVTI.While there is IP connectivity between the routers, Phase 1 of the IPsec negotiation is failing....
Resolved! It is posible to stop Brute Force attacks in Firepower Theat Defense?
Hello to everyone.I have some doubts that arose as a result of Ethical Hacking carried out at my work, related to whether or not it is possible to stop brute force attacks on a site published from our on-premise network with FTD. Without going into t...
TLS Metadata without decryption
Hello - can FTD/FMC running snort3 collect >TLS1.2 client hello/server cert metadata collection in connection events for example? I do not want to deploy EVE and SSL decrypt is not an option. I just want to capture server cert metadata, SNI etc. Is t...
Where to get help for the FMC platform?
I am needing to open up a port that will go from outside to inside for TACACS authentication. I have created what i beleive is the necessary NAT translation from an available public IP address that our provider has given us in a publicly routable bl...
CSCwf99520 - Umbrella DNS State is ‘unprotected’
Hello,We are having this issue on Macbook Air M4 processors. Anyone else?Thanks,
Duo Active Directory User Sync fails sporadically
Hello,I started to notice that the Duo Active Directory User Sync is failing sporadically (from Automatic sync frequency jobs). The manual sync works fine and the next Automatic sync frequency ones work as well. The reason on the logs is " Sync cance...
| User | Helpful Count |
|---|---|
| 32 | |
| 27 | |
| 27 | |
| 17 | |
| 12 |
