Posts

Showing posts from December, 2021

Reimage ASA to FTD

1. The following guide has details about loading the FTD boot image in ROMMON mode: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html
2. In addition to the above guide, we can load the boot image via a USB key:
   2.1 Insert the USB key while the device is running the ASA image
   2.2 The USB key is disk1; copy the FTD boot image from disk1 to disk0 (flash)
   2.3 Change the boot variable to use the FTD boot image
   2.4 Reboot
   2.5 Continue with the pkg file installation

Understanding Access Point OS Images

 https://community.cisco.com/t5/wireless-mobility-documents/understanding-access-point-os-images/ta-p/3123952

Anyconnect hostscan (Secure Firewall Posture)

Secure Firewall Posture (Formerly HostScan) The Cisco Secure Client (AnyConnect Secure Mobility Client) offers a Secure Firewall Posture Module (VPN Posture), formerly HostScan, and an ISE Posture Module. Both provide the Cisco Secure Client with the ability to assess an endpoint's compliance for things like antivirus, antispyware, and firewall software installed on the host. You can then restrict network access until the endpoint is in compliance, or elevate local user privileges so they can carry out remediation. Secure Firewall Posture is bundled as secure-firewall-posture-<version>-k9.pkg, which is the application that gathers which operating system, antivirus, antispyware, and other software is installed on the host. ISE Posture deploys on the client when accessing ISE-controlled networks, rather than deploying both Cisco Secure Client and the NAC Agent. ISE Posture is a module you can choose to install as an additional security component into the Cisco

Firepower Identity and User-IP Mapping

Note: Firepower uses identity policies to detect the user associated with a connection (IP address). A user connecting via AnyConnect is a special case of active authentication: an identity rule matching AnyConnect traffic is required, regardless of whether the active or passive action is selected. If there is no identity rule for AC traffic, FMC/FTD will not try to identify the traffic owner and thus won't match any user-ID based ACP rules. When the identity policy has a rule matching AnyConnect traffic and the VPN is using LDAP for authentication, FMC has an active session once the AC user connects. When the VPN is using ISE for authentication, the user shows as a Discovered Identity and the FW doesn't map user-to-IP properly; to fix it, the user needs to enter the username in the format lab\user1 or lab.local\user1. When ISE is running 802.1x, set up pxGrid between ISE and FMC to pass authentication session info to FMC; in this case, from the FMC standpoint, 802.1x is passive authentication. With 802.1x, the machine authentication session is sent to FMC firs