Cisco Firewall in AWS - should I use ASAv or FTDv/FMCv?
Hi all
I'm trying to set up a DMZ for my client in AWS. I've never done this before, hence the question. I intend to use ASAv as the Internet firewall alongside FTDv/FMCv (Firepower Threat Defense Virtual and Firepower Management Center Virtual) for threat detection.
I was told that I could just use FTDv/FMCv rather than an ASAv, because it works as a firewall as well (next-generation firewall - NGFW).
Could someone please advise if this is indeed the case? If this is the case, is it a different feature set from the ASA (as a firewall)? I'm familiar enough with the ASA, but not with Firepower, and I have a few tight deadlines to meet on this project, so I was wondering whether the Firepower NGFW is similar in configuration to an ASA firewall?
Also, when I take a look at the licensing/part numbers for the ASAv, I see terminology that says: 16-pack and 8-pack licenses. What does that mean? Does that mean I can use this one license for 16 or 8 ASAvs?
Thank you.
Riou
At the moment, which one you choose depends on what features you need.
ASAv has almost all the features of the classic ASA appliance, i.e. it's a dynamic firewall in a virtual appliance form factor.
FTDv/FMCv is an IPS solution (although 6.1, due out in months, will step up its game (still short of feature parity) vis-à-vis what an ASA offers).
Indeed, ASAv licenses are offered only in multiples at the moment. The 16-pack and 8-pack are exactly that.
Tags: Cisco Security
Similar Questions
-
I'm trying to download the Media Feature Pack for Windows 7 N and it tells me to validate using GenuineCheck, but when I do, it says that I should download the most recent version. I use 64-bit Windows 7 N.
You must use 32-bit Internet Explorer.
-
What file size should I use for imported JPGs so that they size properly in Premiere Pro? When I import them at different sizes, they are too large or too small.
In the preferences, select scale to frame size, and then any media imported after the change will be automatically resized to fit your sequence.
Thank you
The f
-
What username and password should I use?
What username and password should I use to open Adobe Flash Player on my Mac?
Hi wallaceh43208042,
Please check what userid & password I need to install Flash Player?
Thank you
Eswar.
-
My plug-ins are set up in PS CC, not PS CC 2014, and the external editor for LR CC should be changed to PS CC so I can use my plug-ins. How can I change the external editor to PS CC instead of PS CC 2014?
Hi Alik!
Lightroom sets the latest version of Photoshop as external editor by default. However, you can set the CC Photoshop as an additional external editor in the preferences.
You can then call it with a keyboard shortcut or via the menu.
-
SRP541W Cisco inter-VLAN firewall
Hello
Is there a known date when firewalling between the internal VLANs will be supported in the SRP541W firmware? The current version 1.2.5 provides only very basic and poor settings for firewall rules.
Kind regards
Lars
Hello
Please use our forum
Hi larsgrenz, my name is Johnnatan and I'm part of the small business support community. I saw your post and found a document that could help you; you can look at page 100 in the firewall section.
I hope that you will find this answer useful. If it was satisfactory to you, please mark the question as answered. Please rate the posts you consider useful.
Greetings,
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.
-
Cisco NAC Discovery Host field use with L3 OOB and L2 OOB
Hi all
We are in the project initiation phase of a huge Cisco NAC deployment.
The customer has 8 regional offices which will be deployed in L2 OOB mode with their own NAC servers.
The customer also has 25 small offices which will be deployed in L3 OOB mode (using access control lists) with two central NAC servers.
The NAC Agent will be deployed centrally through Microsoft Windows Domain Services to each computer in the domain. However, users could occasionally move from a small office to a regional office.
I was wondering how we should use the Discovery Host field in the Agent's XML?
My opinion is to set the Discovery Host to the IP address of the central NAC servers. This setting will be used when the user is in a small office, and when in a regional office, the NAC server in L2 OOB mode will already intercept the user's traffic, so the IP address in the Discovery Host field won't matter in this case?
Am I wrong?
Any help much appreciated.
Dumlu
Hi Dumlu,
If your concern relates to L2 users, then this will work regardless of the configured Discovery Host address.
This is because the Agent will try the configured Discovery Host address in addition to the default gateway address.
In L2, the NAC server is between the host and the default gateway, so the L2 discovery process will still work.
Consider that for L3 users, the discovery packet sent to the Discovery Host address just needs to reach the NAC server, no matter whether the agent can actually reach this address; the point is to ensure that the NAC server receives this packet so that it can respond with the NAC server's specific info.
I hope that answers your question.
Kind regards
Federico
--
If this answers your question please mark the question as "answered" and write it down, so other users can easily find it.
-
My HP 15ab029tx laptop came pre-installed with Win 8.1. I've recently upgraded to Win 10. However, after upgrading, I found the following issues. I installed the latest version of the BIOS, and all drivers are up to date from the HP site.
The problems are:
1. Edge browser flickers. Sometimes I use Chrome, so OK.
2. battery life is down by 2 hours from earlier; it's around 3:00.
3. laptop gets very hot. I found coolsense does not. There is no TDP setting in the power profile. TDP settings were present in Windows 8.1. Event Viewer is full of errors from HP Active Health, Intel DPTF, etc.
error dptf Intel
Intel (r) platform dynamic and thermal environment: Requested (8.1.10600.150) TYPE: ERROR
DPTF Build Version: 8.1.10600.150
DPTF Build Date: June 26, 2015 11:46:12
Source file:...... \.. \.. \Sources\Policies\PolicyLib\PolicyBase.cpp @ line 693
Function: PolicyBase::releaseControlofOsc
Message: Impossible to release the OSC: failure when executing _OSC:
DPTF Build Version: 8.1.10600.150
DPTF Build Date: June 26, 2015 11:46:12
Source file:...... \.. \Sources\Manager\EsifServices.cpp @ line 473
The enforcement function: EsifServices:rimitiveExecuteSet
Message: Error returned by the function interface IBSE services call
Member: NoParticipant
Domain: NoDomain
IBSE Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
Instance of IBSE: 255
IBSE return code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Policy critical [0]
Active health HP errors
COM exception running a command GET Casl EmbeddedController.AuditLog.JSON = return value from the BIOS, which indicates a value of invalid command. : one or more arguments are invalid (Exception from HRESULT: 0x80000003)
4. fonts in several applications are blurred. I use the recommended 125% scaling on a 1080p screen. All Intel & NVIDIA graphics drivers are the most recent.
5. after sleep/standby, wireless works irregularly unless I turn it on/off manually, & the special keys on the keyboard do not work until I restart.
6. laptop seems sluggish overall (although performance tests indicate otherwise). Apps take longer to open.
So should I go back to Win 8.1 using recovery and wait until later, say 1 year, when all BIOS and driver problems are sorted?
My main problems are the short battery life and the laptop heating up.
Regards
That's what I'd do - return to Win 8.1.
I have an HP Dv6 laptop running Win7, and the upgrade to Win10 has been a total disaster. I restored Win7 using HP recovery media. I'd rather have an older OS where everything works than a new operating system where things do NOT work.
As for waiting a year, the FREE upgrade expires at the end of August 2016 - so after that, if you still want to upgrade, you will need to purchase a license - and, unlike with previous versions of the OS, MS has said nothing about the price of an upgrade license, or even whether such a license will be available then.
-
I have a problem getting my new LG GE24 Super Multi DVD rewriter to work correctly. I have movies I want to download and watch on my DVD player. I use Memorex DVD+R 16X 4.7 GB 120 min discs. Should I use another brand, because these only play on my computer via Windows Media Player? Am I recording in the wrong format, or is this something else? Anyone know the answer to my problem?
Try this link to get answers. http://Windows.Microsoft.com/en-us/Windows7/Windows-Media-Player-DRM-frequently-asked-questions
Even though it's for Windows 7, it applies to XP...
-
What type of disc should I use to copy pictures to a disc?
Original title: what type of disc should I use to copy pictures on a disc. I tried Memorex CD-R 40x and also CD-R 52x, and they do not work
copy pictures to a disc
Hi stv2741,
1. Do you use any DVD burning software?
You can use any type of recordable disc to burn images. You can check the following links for more information:
Burn a CD or DVD
http://Windows.Microsoft.com/en-us/Windows-Vista/burn-a-CD-or-DVD
Burn pictures or videos to a CD or DVD
http://Windows.Microsoft.com/en-us/Windows-Vista/burn-pictures-or-videos-to-a-CD-or-DVD
Burn a CD or DVD in Windows Media Player
http://Windows.Microsoft.com/en-us/Windows-Vista/burn-a-CD-or-DVD-in-Windows-Media-Player
Hope this information is useful.
Jeremy K
Microsoft Answers Support Engineer
Visit our Microsoft Answers feedback forum and let us know what you think.
If this post helps solve your problem, please click 'Mark as answer' or 'Useful' at the top of this message. By marking a post as answer, or as useful, you help others find the answer more quickly.
-
Windows Firewall does not use recommended settings
Windows Firewall service is not running: does not use recommended settings
Please specify:
> Windows Firewall service is not running
> does not use recommended settings
Is it running or NOT?
Which of the above is the problem?
RE: windows firewall service does not
Under the Status column, it must say... Started
Under the Startup Type column, it must say... Automatic
RE: does not use recommended settings
Start button > in the search box, type windows firewall > look up at the top left, click on Windows Firewall > click on Change settings > put a blue radio dot on the (recommended) level > OK
For the benefit of others looking for answers, please mark a suggestion as the answer if it solves your problem.
-
Should Fibre Channel host bus adapters be removed if not in use?
We have a Dell PowerEdge R720 server that has an orphaned QLogic host bus adapter in it. The light on the HBA flashes yellow, green and orange. I wonder if this orphaned adapter could be using system resources and if it should be removed.
Kimblbob,
Even though the HBA is not used, it will use resources. Granted, it's a very tiny amount, but it does use them. When the card is installed, it will draw power, and the host server will spend processes sending "heartbeat" communications to the card to check that it is ready for use... Thus, while it is a VERY small amount, it does use them.
I see no problem with you removing it during a maintenance window.
Hope this helps to answer your question.
-
Cannot connect Cisco 2621 to AWS EC2 Openswan site-to-site VPN
Hello, I'm setting up a site-to-site VPN between my Cisco 2621 router and an Amazon EC2 instance running Openswan.
I get the following message on the Openswan server: 'NO_PROPOSAL_CHOSEN'.
My Cisco 2621 router config and Openswan config are displayed below. I know I'm missing something small, but can't
understand what it is :-) Any help would be appreciated.
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.253'
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=oakley_3des_cbc_192 integ=md5 group=MODP1536}
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:17d23abf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=160
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: | ISAKMP Notification Payload
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: | 00 00 00 a0 0e 00 00 00 01 03 04 00
Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto[28503]: "paulaga-home" #1: received and ignored informational message
The schema looks like this:
192.168.0.0/24:FA0/1[router]FA0/0 192.168.1.253 - 192.168.1.254 [Modem] 64.231.25.93 (public IP assigned to my modem)
Cisco 2621 router configuration:
Current configuration : 2649 bytes
!
version 12.3
no parser cache
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname cisco2600
!
boot-start-marker
boot system flash c2600-ik9o3s3-mz.123-26.bin
boot-end-marker
!
logging buffered 10000 debugging
no logging monitor
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 192.168.0.10
!
ip audit po max-events 100
!
username admin privilege 15 password 7 01100F175804
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key mysecretkey address 52.39.49.77
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set AMAZON-TRANSFORM-SET esp-3des esp-md5-hmac
!
crypto map INTERNET-CRYPTO 11 ipsec-isakmp
 ! Incomplete
 description Amazon EC2 instance
 set peer 52.39.49.77
 set transform-set AMAZON-TRANSFORM-SET
 match address 111
!
!
!
!
interface FastEthernet0/0
 description Connection to the Bell Modem
 ip address 192.168.1.253 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 crypto map CRYPTO-INTERNET
!
interface Serial0/0
 no ip address
!
interface FastEthernet0/1
 description Connection to the local network
 ip address 192.168.0.254 255.255.255.0
 ip helper-address 192.168.0.10
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1.2
 description Service Vlan
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.0.0.0
 ip helper-address 192.168.0.10
 ip nat inside
!
ip nat inside source list ACL-NAT interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.47 3389 interface FastEthernet0/0 3389
ip http server
ip http authentication local
no ip http secure-server
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
!
!
!
ip access-list extended ACL-NAT
 permit ip any any
 permit tcp any any
 permit udp any any
logging trap debugging
logging facility syslog
logging 192.168.0.47
access-list 111 permit ip 192.168.0.0 0.0.0.255 172.31.1.0 0.0.0.255
!
!
!
dial-peer cor custom
!
!
!
line con 0
 password 7 05080F1C2243
 login
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport output telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
 transport output telnet
!
!
end
Openswan Configuration:
File paulaga.secrets:
64.231.25.93 192.168.1.253 52.39.49.77: PSK "mysecretkey"
File paulaga.conf:
conn paulaga-home
    left=%defaultroute
    leftsubnet=172.31.0.0/16    # My EC2 subnet
    leftid=52.39.49.77          # My EC2 public ip
    right=64.231.25.93          # My Home Modem public ip
    rightid=192.168.1.253       # My Home Cisco 2621 router outside interface ip
    rightsubnet=192.168.0.0/24  # My Home Cisco 2621 LAN
    authby=secret
    pfs=yes
    auto=start
Hello
Since we are getting the error NO_PROPOSAL_CHOSEN, could you please add the following policies on the router and then check:
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 30
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp policy 40
 encr aes
 hash md5
 authentication pre-share
 group 2
Please test with these and keep us informed of the results.
Kind regards
Aditya
Please evaluate the useful messages and mark the correct answers.
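An added example, not part of the original posts: a small Python check that locates which IKEv1 phase a NO_PROPOSAL_CHOSEN belongs to in a pluto log, then compares the Phase 2 settings of the two posted configs (traffic selectors and PFS). The log and config excerpts are constructed from the values shown in the thread; the function names are hypothetical, and the router is assumed to have PFS off because the posted crypto map has no "set pfs" line.

```python
import ipaddress
import re

# Constructed samples modelled on the thread: trimmed pluto lines, and only the
# Phase 2 (IPsec SA) lines of each posted config.
SAMPLE_LOG = '''\
"paulaga-home" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY}
"paulaga-home" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
"paulaga-home" #1: ignoring informational payload NO_PROPOSAL_CHOSEN
'''
IOS_CFG = '''\
crypto map INTERNET-CRYPTO 11 ipsec-isakmp
 set peer 52.39.49.77
 set transform-set AMAZON-TRANSFORM-SET
 match address 111
access-list 111 permit ip 192.168.0.0 0.0.0.255 172.31.1.0 0.0.0.255
'''
SWAN_CFG = '''\
conn paulaga-home
    leftsubnet=172.31.0.0/16
    rightsubnet=192.168.0.0/24
    pfs=yes
'''

def failing_phase(log):
    """'phase2' if NO_PROPOSAL_CHOSEN follows an established ISAKMP SA and a
    Quick Mode start, 'phase1' if it comes earlier, None if absent."""
    sa_up = quick = False
    for line in log.splitlines():
        if "ISAKMP SA established" in line:
            sa_up = True
        elif "initiating Quick Mode" in line:
            quick = True
        elif "NO_PROPOSAL_CHOSEN" in line:
            return "phase2" if sa_up and quick else "phase1"
    return None

def ios_phase2(cfg):
    """Selectors from the crypto ACL (address + wildcard) and any 'set pfs'."""
    src, swc, dst, dwc = re.search(
        r"access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)", cfg).groups()
    pfs = re.search(r"^\s*set pfs (\S+)", cfg, re.M)
    return {"local": ipaddress.ip_network(f"{src}/{swc}"),
            "remote": ipaddress.ip_network(f"{dst}/{dwc}"),
            "pfs": bool(pfs)}

def swan_phase2(cfg):
    """Selectors and PFS from an Openswan conn section (pfs defaults to yes)."""
    kv = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", cfg, re.M))
    return {"local": ipaddress.ip_network(kv["leftsubnet"]),
            "remote": ipaddress.ip_network(kv["rightsubnet"]),
            "pfs": kv.get("pfs", "yes") == "yes"}

def phase2_mismatches(ios, swan):
    """Each side's local selector should mirror the peer's remote; PFS must agree."""
    found = []
    if ios["local"] != swan["remote"]:
        found.append(f"router local {ios['local']} vs rightsubnet {swan['remote']}")
    if ios["remote"] != swan["local"]:
        found.append(f"router remote {ios['remote']} vs leftsubnet {swan['local']}")
    if ios["pfs"] != swan["pfs"]:
        found.append(f"PFS router={ios['pfs']} openswan={swan['pfs']}")
    return found
```

Run over the excerpts above, `failing_phase` reports the notification as arriving in Phase 2, and `phase2_mismatches` lists the /24 versus /16 remote selector and the PFS setting as the two differences between the posted configs.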
-
I am configuring the Cisco CSR 1000v in my VPC for L2L VPN connectivity. Can someone point me to the config docs? How can I configure the Elastic IP interface? It would be great if you could point me to the documentation for L2L VPN between Cisco CSR 1000v (AWS) and Cisco ASA 5510.
I have several subnets in my AWS VPC. I want this CSR to be the gateway for the subnets and want to configure L2L VPN tunnels with ASAs to other DCs.
Appreciate your help
-Aneesh
I'm in the first phase of trials. I have it working one way... Will post the details soon...
-
Cisco ISE active endpoint usage reset
Hello
I have a Cisco ISE running version 1.1, and I was wondering if it would be possible to reset the active endpoint/license use shown on the dashboard? This was noted after a restoration of EHT due to hardware replacement, and I noticed that the active endpoint/license use count doesn't seem to go down.
The following methods have been tried, but without success:
1. reboot the ISE server/service
2. turn off all devices in the network that use the ISE so there is no client/device access; for example switch/WLC/etc...
3. remove all endpoints in use from the identities/identity groups
4. disable profiling on the ISE
As the ISE has been installed with a basic license, I'm not too sure if it could be either a bad restoration (all services/applications work, however) / bad RADIUS accounting which has not expired on the ISE / etc...
Any help is appreciated on how to reset the active endpoint/license use.
Thank you.
Here is a method to remove outdated records. Please try this:
http://www.Cisco.com/en/us/docs/security/ISE/1.1/api_ref_guide/ise_api_ref_ch2.html#wp1072950
Thank you
Tarik Admani
* Please note the useful messages *.