Migrating another firewall to Cisco Firepower Threat Defense (FTD) can be a daunting task. Depending on the role of the firewall, it can have thousands of ACL entries, network and service objects and network address translations (NAT). Fortunately, for anyone that is migrating to Cisco FTDs that are managed by Cisco Firepower Management Center (FMC), Cisco provides a firewall...
Continue readingThere may be certain situation when you need to reset a Cisco FTD appliance back to factory default to get a clean start. One such example is during a deployment I encountered a Cisco Bug for FTD version 7.0.4 locally managed by FDM. The bug caused a corruption in the database that cannot be repair and configurations from the FDM are not synced with the LINA, the ASA portion of the FTD. There...
Continue readingIn the first entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). In the second entry of this series, we narrowly focused on getting the ISE posture module provisioned. In the third entry, we took stock of all the available posture...
Continue readingIn the first entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). In the second entry of this series, we narrowly focused on getting the ISE posture module provisioned. If you haven’t check those out yet, please do, links below!
Continue readingIn the last entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). If you haven’t read that one yet, you can find it here!
In this entry, we will be narrowly focused on provisioning the ISE posture module. Enjoy!
Continue readingSometimes it is faster to just re-image the firepower module than to go through the step-by-step upgrade process where you must upgrade to the next release and then apply the all the updates. If the module is several releases behind than this process must be repeated several times. Luckily, in certain scenarios this can be avoided by just re-imaging to the latest Cisco recommended release. This...
Continue readingProject Manager: “We need to give them access to our network.”
IT Security: “No.”
Project Manager: “We really need to give them access to our network.”
IT Security: “Still no.”
Project Manager: “C’mon, pleeease??”
IT Security: “Ok fine. But we’ll need to assess their computer for vulnerabilities.”
Continue readingHello All,
With the world of remote work continuing to evolve into more of a standard workflow, it is becoming more and more important to secure your company’s data, while still providing access to employees to allow for work. Cisco continues to lead the way with VPN technology and providing solutions to meet the needs of business. Like many blogs out there already, AnyConnect is no new thing and...
Continue readingWith the FTDs being managed by FMC everything is now configured via GUI. There is no longer the option of configuring via CLI like the ASAs. You can still access the CLI but Cisco does not officially support configuration using the CLI. Obviously, there are pros and cons to this. You no long need to remember syntax and which command does what. You just need to know how to navigate the GUI menus...
Continue readingNotepad++ for the Modern Network Engineer
Continue reading
