I have two Firepowers in two remote offices and i have two ISPs in each office, i had configured vti ipsec vpn between two offices but they are working with static routes, can i configure dynamic routing protocols for failover vpn? I tried to configu...
So, I'm task with finding if anyone else search or connected to a specific URL in the last 30 days. Does any know if FMC have a way of searching this or generating a report. I have only found ways to create a rule to log it go forward not from the pa...
Hello Dears, I have a little bit weird issue never faced it before, for the sake of testing for a client & to stay out of production impact, in addition to client confidentiality i had to simulate his environment base configuration to start Tshoot...
Hey guys, VPN on Firepower authenticating on ISE -> OK VPN on Firepower authenticating on Duo -> OK VPN on Firepower authenticating on ISE calling external Radius (Duo) for MFA -> NOK Duo's auth proxy logging shows: "20): Cannot decode password usi...
Is it possible for the FMC to run a report to indicate what rules are inactive/disabled? What about reporting what objects are not being used?I know beside various items there is a "report" icon, or "export to csv" but this isn't giving me the info I...
We are looking at moving to SSO but need to be able to include all the groups a user is a member of. Is it possible to pull this from AD and include it in SAML claims?Ideally we would want to manage this in a single place (AD) so if we added a new gr...
We are migrating from our Older Cisco ASA Firewalls to Cisco FTD 2140's. We currently are using WCCP on the ASA's for Transparent Proxy with our WSA Virtual Appliance under VMWare. I was just going to migrate WCCP Configurations to the FTD 2140's w...
Hello,I've been planning to role out dot1x on my network. However, the network consists of NXServers in the DC with thin clients that connect back them at user desks.As I think about it, how would dot1x work in this environment? Connecting a PC to a ...
hello all ,recently i tried to configure VPN site to site with certificate authentication type, i got the certificate signed by a third party autority , and when i did the debugs i got this log :CRYPTO_PKI: bitValue of KEY_USAGE = a0PKI[7]: CRYPTO_PK...
Can anyone help me out with this. I've got Switches setup in ISE to use TACACS to authenticate the logins. I'm looking to setup DOT1X on the ports, along with MAB. I have the config in ISE set but i'm trying to determine exactly how to setup the s...
Hi Team, Unable to integrate CISCO ise configurations in AWX - EE[Execution envi]... Observing lot of dependencies error. Logical View:Manaual verfied TACACS configuration -----> Automated using ansible -----> Using EE build deploying TACACS automati...
We've been using AnyConnect SBL for a long time. All new PCs are being onboarded with Windows 11. The first new PC in the hands of a remote worker went into service this week. The onboarding procedures, including loading AnyConnect and specifying the...
I have created an external admin group in ISE, which is pointing to an AD group. There are several users in this AD group.Will all the users in this AD group gets ISE admin access or can it be restricted to few users.
This document describes license packages, bundles, optional subscriptions and add-ons, and licensing for Virtual Appliances. Some features may be licensed as add-ons but may also be included as part of a bundle. See the reference links for details on...
Greetings! Hope somebody can guide me how is it supposed to be done! Sorry, I'm a noob and seems to can't find an answer.Lets say I have 3 subnets/vlans/interfaces with security levels:inside (90)dmz (10)outside (0)lets say I want to allow http/https...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: