Posts

Showing posts from April, 2021

ISE Posture

Example Conditions
  - Ensure Windows Firewall is enabled
  - Check for attached USB devices
  - Anti-malware installation
  - Critical patch installation
  - Application installation

Note: The AnyConnect package on ASA/FTD contains the ISE Posture module, but it needs to be enabled in the Group Policy so that it is pushed to the user's PC along with the AnyConnect VPN core module.

Example: ASA
  group-policy ISE_VPN internal
  group-policy ISE_VPN attributes
    dns-server value 172.16.1.10
    vpn-tunnel-protocol ssl-client
    webvpn
      anyconnect modules value iseposture
      anyconnect profiles value Test-Profile type user

Example: FTD

2. When the user's PC has no AnyConnect installed, the user connects to the remote VPN URL; after login, the user is given a link to download the AnyConnect VPN core module. After AC installation, launch AC and log in; when the ISE Posture module is enabled in the Group Policy, the module is downloaded and installed. Then the "discover" process is started.
  2.1 When enroll.cisco.com is allowed on the tunnel, compliance module downlo

Anyconnect Session

1. Tunnels (Sessions)

There are three different tunnels (sessions) on the ASA, each one with a specific purpose:

Clientless or Parent-Tunnel:
  This is the main session that is created in the negotiation in order to set up the session token that is necessary in case a reconnect is needed due to network connectivity issues or hibernation. Based on the connection mechanism, the Cisco Adaptive Security Appliance (ASA) lists the session as Clientless (Weblaunch via the Portal) or Parent (Standalone AnyConnect).

Secure Sockets Layer (SSL)-Tunnel:
  The SSL connection is established first, and data is passed over this connection while it attempts to establish a DTLS connection. Once the DTLS connection is established, the client sends the packets via the DTLS connection instead of via the SSL connection. Control packets, on the other hand, always go over the SSL connection.

DTLS-Tunnel:
  When the DTLS-Tunnel is fully established, all data moves to the DTLS-tunnel, and the SSL-Tunnel is only u

Fortigate Troubleshooting

1. Enable Log Violation Traffic in the implicit deny security policy

2. Sniffer
    diagnose sniffer packet port2 'host 192.168.10.2'
    diagnose sniffer packet port2 'udp and port 1812 and host 192.168.10.2'
    diagnose sniffer packet port2 'proto 1'
    diagnose sniffer packet any 'host 8.8.8.8' 4
   Or from GUI: Network > Packet capture.

3. Debug flow
    diagnose debug disable
    diagnose debug clear
    diagnose debug flow filter addr 192.168.10.2
    diagnose debug flow filter port 80
    diagnose debug flow show function-name enable
    diagnose debug flow trace start 100
    diagnose debug enable
    diagnose debug disable

4. Check session table
    diagnose sys session list | grep 192.168.10.2

5. Check CPU
    get system performance status
    diag sys top

=========================
Using the FortiOS built-in packet sniffer for capturing packets

Description
  In addition to the GUI packet capture methods, the CLI offers the possibility to capture packets on multiple interfaces and