Topics - Administrator

I’m wondering if anyone has tried to configure SSL Decryption with the criteria of a custom URL [object] category in Cisco SourceFire. The reason I want to do this is due to a testing scenario—put a couple of URLs in a URL group (Ex., & others), tell the SSL decryption policy that user “jdoe” needs decryption when going to these URLs, have that user download test malware from to demo the functionality etc. Without the ability to do this, there is a whole demo I cannot do. From what I can see—I created the custom URL object & URL group (Objects > Object Management, URL etc.). That custom URL object is there if I go to Policies > Access Control Policies & look at my URL based ACP. In other words, I can click on that custom URL object & do some action with it. When I go to Policies > SSL & create an SSL decryption policy, click on the “category” tab, the regular well-known pre-defined URL categories are there. But the custom URL object / category is not even there, not even selectable (with or without having done a “deploy” after I created the URL object). I’m now thinking that you cannot configure a custom URL object to be included as a URL category where you’re doing SSL decryption, as the custom URL object does not show up as a selectable item in the config. Because of that, I’m also thinking that, if you need to do SSL decryption off of URL categories in Cisco SourceFire, you need the URL filtering license. Thoughts? Thanks!

Wireless / wireless multi tenant (On behalf of Abraham D.)
« on: September 18, 2017, 08:48:14 PM »
Hello, I would like to know if you have a Cisco series on wireless multi-tenant design, where you have a multi-dept business with some areas having shared space that requires separate SSIDs along with controllers and AD. Would ISE be able to do this type of control? User data traffic needs to stay separate from the AP to the end user's own network, but the AP would be broadcasting multiple SSIDs. Thank you

What is the impact to the live network if FireSIGHT (Defense Center) fails at the time when we upgrade it?

Kindly share the details about the risk of upgrading the Defense Center (Sourcefire) & sensors (SFR) in parallel.

Security / ISE 2.3 IP Pool Assignment (On behalf of Keyvan)
« on: September 14, 2017, 08:23:11 PM »
Hi there, first, thanks for your useful info. I would like to ask you about the Dynamic IP Assignment feature in ISE 2.3! Is it possible to use it instead of DHCP!? I mean without buying an extra module to support it! Actually, we want to use ISE as our RADIUS server for mobile devices joining our MDM. If yes, how should I configure it? It would be nice if you can guide/help me. Good time, Keyvan

Security / I need your help on this video SEC0015 (On behalf of Olushola)
« on: November 08, 2016, 05:36:33 PM »
I watched this video "LabMinutes# SEC0015 - Cisco Router Easy VPN (EZVPN) with Pre-Shared Key and Hardware Client" and followed the steps one after the other. The Head-end and Hardware Client were configured correctly and NAT translation is also working as I debug the packet. The PC behind the Hardware Client is not getting a reply, but the Head-end Hardware Client are seeing the echo reply and NAT translation. Please, what do you think can cause this problem where my PC is not receiving the echo reply? I look forward to hearing from you. Thanks a lot

Routing and Switching / STACKWISE 480 FOR 3850 SWITCHES (On behalf of Syed)
« on: November 08, 2016, 05:30:29 PM »
I need to know how to add a new stack member to a switch stack of 3850 switches. Please help.

Security / Cisco ISE (on behalf of hamidreza)
« on: April 05, 2016, 10:06:38 PM »
I have a question about Cisco ISE. Please help me. With the following port configuration:

authentication event fail action next-method
authentication event server dead action reinitialize vlan 2
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10

The client's PC authorizes successfully, and when the client uses a virtual machine with a bridged network interface, the virtual machine authorizes successfully; after that, the host dot1x changes to authentication fail. With a NAT interface there is no problem. Please help me. Thanks

Security / ACS & ISE (On behalf of Michael C.)
« on: March 01, 2016, 11:27:20 PM »
Do I need Cisco ISE to make this work: Corporate laptop need to access Domain resources such as file server via corporate LAN and corporate wireless and vice-versa? Can I do all this with just Cisco ACS? Continue to do great work. Thanks.

Security / Cisco ASA Sourcefire SSL URL filtering (on behalf of Milin)
« on: February 11, 2016, 11:19:30 PM »
With Firepower 6.0 and Cisco ASA 9.4.2 OS, I am experiencing bandwidth degradation.
So, I would like to know, if anyone wants to upgrade from Firepower 5.4 to 6.0, which firewall base IOS version should they use? (Stable IOS)

Security / what is MAR used for in ISE? (on behalf of sherief)
« on: October 21, 2015, 05:37:04 PM »
Please be informed that I just authenticate machines against domain membership and authenticate users with domain username and password. The question is: Machine Access Restriction is enabled in my ISE configuration; what will happen if I disable it?

Cisco Lab Hardware / ISE Labs (on behalf of Brian)
« on: August 23, 2015, 11:02:22 PM »
I'm very interested in setting up a lab with Cisco ISE to experiment with NAC. It appears one of your tutorials includes a downloaded VM with ISE (I haven't checked it out yet). How is ISE actually licensed? Is there an inexpensive Cisco switch you'd recommend I purchase for the labs? Brian

Security / ISE Question on behalf of Sadn Sadn
« on: March 23, 2015, 08:43:50 AM »
Hello, please help me with my questions about Cisco ISE:

1- What is the difference between NAC Agent & Web NAC Agent?
2- When we apply NAC, must the devices be under a domain? Yes or no.
3- Can I apply NAC for workgroup machines?
4- When the AAA server collapses for any reason, what do I do for dot1x & MAB machines to access the network?
5- What is the policy you can apply for workgroup machines from Cisco ISE?
6- Why doesn't the Cisco ISE appliance 3495 support Inline Posture Node?

Cisco Lab Hardware / Lab Switch Recommendation (on behalf of Onis)
« on: October 09, 2014, 11:16:12 PM »
Can you recommend to me any Cisco switch series that can do the CCNA through CCIE syllabus? I look forward to hearing from you.

Security / User Profile - ACS 5.X (on behalf of Michael)
« on: August 29, 2014, 09:14:42 AM »
Can a service be created and attached to User Profiles? Our current implementation for Sandvine-Group = "sv_operator,sv_admin" on ACS 4.2 attaches it to User Profiles, and I was wondering if there's a way to replicate that for ACS 5.2. (Create a User Profile and attach the custom attributes to that user.) As an alternative, how would you recommend it be implemented? Thanks for your help on this matter. Kind Regards, Michael

Security / ACS 5.4 OTP on behalf of techuser123
« on: August 07, 2014, 04:55:56 PM »
I need your help to configure OTP using RADIUS Identity Servers, but I can't find any documentation related to it, this will be SMS server
