Marvin Rhoads

Member Since: Jun 28, 2001

User Badges:
  • Super Silver, 17500 points or more
  • Cisco Designated VIP, 2017 Firewalling, Network Management, VPN

Marvin Rhoads commented on Configuring and setting up SYSlog in Network Management 2 hours ago

"local7" is just an optional field to specify the logging facility for use by the destination...

Marvin Rhoads commented on Not sure if Firesight is blocking correctly in Intrusion Prevention Systems/IDS 4 hours ago

That's a good question. I haven't tried that. I do recall that the ASA informational level log...

Marvin Rhoads commented on Cisco ASA 9.7 Stateful Connection Database in Firewalling 4 hours ago

You're correct - this is unexpected behavior. The "state" (or more accurately existence a...

Marvin Rhoads commented on how to solve third part security concerns for 5520 asa??? in Firewalling 6 hours ago

You're welcome. The suggested settings only affect traffic terminating on the ASA itself - not...

Marvin Rhoads commented on Cisco Prime 3.1.5 Upgrade Failed in Network Management 6 hours ago

@ricky.mcelwee, Thanks for the update. Did you happen to get the BugID?

Marvin Rhoads commented on NAT issue on FWSM in Firewalling 7 hours ago

A given host can only have a single static NAT for a given port number. Otherwise how would the...

Marvin Rhoads commented on Firepower FMC and FTD Deployment Issues: in Other Security Subjects 8 hours ago

You need to switch to "expert" mode. Then you will be in the Linux bash shell environment.

Marvin Rhoads commented on Firepower FMC and FTD Deployment Issues: in Other Security Subjects 10 hours ago

You can go into the OS and use tcpdump to see the incoming packets on a given interface. That...

Marvin Rhoads commented on Firepower blocking CnC in Event Analysis 10 hours ago

C&C server trying to access a DMZ host doesn't necessarily mean the host is compromised. If...

Marvin Rhoads commented on ASA Captive Portal Certificate in FireSIGHT System / 3D System 10 hours ago

I'm not sure if you can do that currently. I would suggest opening a TAC case to check. If it was...

Marvin Rhoads commented on Selection criteria for Cisco ASA model in Firewalling 11 hours ago

When refreshing the EOS models, we consider what features and licenses are currently in use and...

Marvin Rhoads commented on Selection criteria for Cisco ASA model in Firewalling 14 hours ago

I advocate keeping it simple. If the customer has (for example) 1 Gbps upstream, I recommend at...

Marvin Rhoads commented on ASA5555 VPN and AnyConnect Client in Other Security Subjects 14 hours ago

The first part number refers to the discontinued and obsolete Cisco IPsec VPN client. Cisco used to...

Marvin Rhoads commented on Router Security Audit in Other Security Subjects 14 hours ago

It varies according to the model and version of IOS. Also if your operations staff isn't good about...

Marvin Rhoads commented on Cisco Prime 3.1.5 Upgrade Failed in Network Management 14 hours ago

I ran into the same thing just yesterday. I opened a case and the TAC engineer tells me there's a...

Marvin Rhoads commented on Not sure if Firesight is blocking correctly in Intrusion Prevention Systems/IDS 14 hours ago

The ASA packet-tracer does not interact with the logic internal to the FirePOWER service module....

Marvin Rhoads commented on Selection criteria for Cisco ASA model in Firewalling 15 hours ago

The numbers are generally based on getting a feel for current traffic levels by observing them over...

Marvin Rhoads commented on Cisco ASA5505 unable to manage AP 1142n in Firewalling 15 hours ago

Assuming VLAN 101 and 100 are same security level and neither has an existing inbound access-list...

Marvin Rhoads commented on Brackets for ASA 5555X in Firewalling 15 hours ago

It's possible but not recommended. The 5555-X is a bit heavier (16.82 or 18.86 lbs depending on...

Marvin Rhoads commented on Question about ASA 5506-x with 6.2 FTD Image in Security Management 15 hours ago

The 9.7 release is quite new and the documentation could use a tweak or two to make it clearer. I...

Marvin Rhoads commented on FireSIGHT system central management utility and backup question in FireSIGHT System / 3D System 15 hours ago

Snapshots are always a challenge when the server in question has databases under the covers (as...

Marvin Rhoads commented on SSL Certificates on Anyconnect in VPN 16 hours ago

If you only have a single public IP then you have to host one service or the other on a different...

Marvin Rhoads commented on how to solve third part security concerns for 5520 asa??? in Firewalling 1 day ago

#1 can be fixed via configuration. Try: ssl encryption dhe-aes256-sha1 dhe-aes128-sha1...

Marvin Rhoads commented on OSPF over IPSEC VPN Tunnel in VPN 1 day ago

There is a Cisco tech note on this scenario. It does not use OSPF but rather tracks the...

Marvin Rhoads commented on SSL Certificates on Anyconnect in VPN 1 day ago

The certificate Common Name can be the ASA IP address for the interface via which you access the...

Marvin Rhoads commented on SFR Firepower is not present/manageble anymore in ASDM in FireSIGHT System / 3D System 1 day ago

Thanks for updating the thread. Updating your Java may have had the effect of clearing your Java...

Marvin Rhoads commented on Question about ASA 5506-x with 6.2 FTD Image in Security Management 1 day ago

The management interface on an ASA FTD 6.2 is still used like it had been before when your use case...

Marvin Rhoads commented on Should I install firepower on ASA-5515-X? in Firewalling 1 day ago

No. Whether you are asking about FirePOWER service module or re-imaging to FirePOWER Threat Defense...

Marvin Rhoads commented on ASA Captive Portal Certificate in FireSIGHT System / 3D System 1 day ago

When you setup captive portal it gives you the option to select the certificate from among those...

Marvin Rhoads commented on SNMPv3 with AES256 not working in Cisco Routers in Network Management 2 days ago

As I mentioned earlier, Prime Infrastructure does not support AES-256 for SNMPv3 privacy. That...

Marvin Rhoads commented on Lan Setup in Optical Networking 2 days ago

Correct.

Marvin Rhoads commented on Cisco Firepower 4110 Clustering with ASA and FTD in FireSIGHT System / 3D System 2 days ago

Clustering is at the logical device level (i.e. FTD - not FX-OS). If I were doing...

Marvin Rhoads commented on Lan Setup in Optical Networking 2 days ago

As long as you use single mode fiber to single mode transceivers (and multimode fiber to multimode...

Marvin Rhoads commented on URL filter rule for “directory” part in URL ? in FireSIGHT System / 3D System 2 days ago

You're welcome. That's correct - to go to any level below what is identified in the CN portion of...

Marvin Rhoads commented on URL filter rule for “directory” part in URL ? in FireSIGHT System / 3D System 2 days ago

I don't believe you can use wildcards in URL conditions. Reference: http://www.cisco.com/c/en/us/...

Marvin Rhoads commented on CIsco Anyconnect install on 2900 ISR...Ports needed to open to allow anyconnect in VPN 2 days ago

AnyConnect is most often used for SSL remote access VPN and thus requires tcp/443 inbound by...

Marvin Rhoads commented on ASA 5506 9.6(1) high CPU usage 100% (99.6% DATAPATH-0-1723) in Firewalling 2 days ago

If you are using the FirePOWER service module, 100 Mbps is right around the maximum expected...

Marvin Rhoads commented on ASA 5516-x With Firepower services and active/active failover in FireSIGHT System / 3D System 2 days ago

The order may have incorrectly specified only one Control license. Two modules requires two...

Marvin Rhoads commented on Lan Setup in Optical Networking 2 days ago

Most carriers prefer to hand off single mode for standardization purposes. It's generally not...

Marvin Rhoads commented on SFR Firepower is not present/manageble anymore in ASDM in FireSIGHT System / 3D System 3 days ago

Hmm. You're right - it all looks OK from the module's point of view. I'd definitely not...

Marvin Rhoads commented on SFR Firepower is not present/manageble anymore in ASDM in FireSIGHT System / 3D System 3 days ago

Please check "show module sfr detail" and make sure a manager (DC) didn't get configured. If that's...

Marvin Rhoads commented on Downgrading Cisco FirePOWER 7020 Sensor in Intrusion Prevention Systems/IDS 3 days ago

Console access is required to revert to an earlier level as it requires interrupting the boot...

Marvin Rhoads commented on firesight report in Intrusion Prevention Systems/IDS 3 days ago

Are you asking who is using facebook so much? For that, as well as the IP addresses used by...

Marvin Rhoads commented on site to site vpn between vFTD and ASAv in VPN 3 days ago

Yes one can configure a site-site IPsec VPN with one end being an FTDv and the other end being an...

Marvin Rhoads commented on ASA -----User with low privilege in Firewalling 3 days ago

@nurbol555, The ASA capabilities are a bit different than IOS. On an ASA, here would be the...

Marvin Rhoads commented on Is this an AnyConnect Premium License? in VPN 3 days ago

You're welcome. Please rate any helpful reply. 

Marvin Rhoads commented on FirePOWER Rules/Geofiltering in Intrusion Prevention Systems/IDS 3 days ago

Ah ok - yes the excluded zone was what I was referring to.  You're welcome.

Marvin Rhoads commented on FirePOWER Rules/Geofiltering in Intrusion Prevention Systems/IDS 3 days ago

That looks pretty much like how I would do it and how it's taught by Cisco. I would only leave out...

Marvin Rhoads commented on ASA5506X-k9 support how many any connect default in VPN 3 days ago

Two (2) AnyConnect Premium licenses are provided with every ASA. These are under the older 3.x...

Marvin Rhoads commented on SSL Certificates on Anyconnect in VPN 3 days ago

Once you have a certificate in your local trusted store it is no more or no less susceptible to man...

Bio

Sr. Network Engineer, CCNP Security, Fire Jumper

User Badges:
  • Super Silver, 17500 points or more
  • Cisco Designated VIP, 2017 Firewalling, Network Management, VPN
  • Cisco Designated VIP, 2016 Firewalling, Network Management, VPN
  • Cisco Designated VIP, 2015 Security
  • Cisco Designated VIP, 2014 Security, Network Management
  • Cisco Designated VIP, 2013 Security, Network Management
