|
|
Pages: 1 2 3 [4] 5 6 ... 10
31
I generated an Enterprise CA on my domain (secops), and I'm trying to generate an identity cert for a client network so we can use Duo with FMC/FTD. Everything is working from "MY" domain joined computer (following the Microsoft/ISE export/CSR process), I have my ACC-ROOT-CA, pasted the contents into the FTD > Add Cert Enrollment > CA Certificate|Manual page, generated CSR, took the contents and back to the CA server to sign the cert, getting the .cer with my client's certificate information (O=IT, etc). My client gets an authentication server failed and so do I from any non-domain joined computer. How do we create a cert such that any computer with that cert stored in the Trusted Root Cert Authority can pass authentication? Once that is resolved, it will all work b/t Duo SSO and RAVPN with FTD!
32
« Last post by spykas on April 22, 2022, 04:55:07 AM »
Yes , that is the case .
Thank you.
33
« Last post by MC on April 17, 2022, 08:40:58 PM »
Are you talking about from two different FMC, one running 6.4 to the other running 7.0? If so, not that I know of.
34
« Last post by spykas on April 08, 2022, 11:39:52 PM »
Hello ,
is it possible to migrate (export ? ) IPS rules from 6.4 to 7.0 and convert them to SNORT 3 ?
Thank you.
35
« Last post by MC on March 13, 2022, 10:25:14 PM »
What is the exact issue you are having?
36
« Last post by cerebr0_1 on March 11, 2022, 07:06:39 AM »
Hi MC
please can you tell us how did you fix the issue
37
« Last post by MC on February 05, 2022, 10:03:33 PM »
If you use switches for border node that can be virtualized, either stackable or stackwise virtual, then do so to minimize the number of BGP connection you will need to fusion device. All the underlay links in the fabric should always be redundant and routed, so no VLAN or STP should exist. You can refer to Cisco recommended design in the SDA CVD below. It covers all the different size deployments. You are not allowed to view links.
Register or Login
38
« Last post by clemish on February 04, 2022, 06:08:25 AM »
So, for an SDA Small Deployment, a collapsed design (due to limited hardware) whereby configuring BGP and sub-interfaces on the Firewall peering with the Dist/Core switch (SW1) would be the preferred deployment, understood. Alternatively, in an Enterprise design, I would anticipate the preferred design be to replace the BC1 "router" with a stackable or HA pair of L3 switches port-channeled to the Core/Dist pair/stack of switches (SW1) to ensure high-availability and h/w fault tolerance (replace Loopbacks with SVIs). In other words, we would inject another HA layer in order to perform BGP peering to separate the VRF/VNs between the new layer and the SW1(Dist/Core) pair of switches (/30 VRF subnets in your design). Would this be the appropriate design for SDA Medium/Large deployments?
Pages: 1 2 3 [4] 5 6 ... 10
|
Recent Posts