AnyConnect: Allow ‘Local’ LAN Access
KB ID 0001689 Problem Note: This WON’T WORK if you ‘force-tunnel’ or ‘tunnel-all’ remote VPN traffic. (If you are unsure, Google ‘what’s my ip’ > Take note of it > Connect to AnyConnect and repeat the procedure; if your public IP address has changed to the IP address of the ASA, then you force-tunnel/tunnel-all traffic.) With more people remote working now, I’m getting a lot more...
VMware Converter ‘A file I/O Error Occurred’
KB ID 0001688 Problem It seems every time I use VMware Converter, there’s some new error that jumps up and makes me stumble! Yesterday the problem was: FAILED: A file I/O error occurred while accessing Solution Some searching told me this is actually a DNS problem (where the converter could not resolve the DNS name of the machine being converted). BUT I had put the FQDN directly into this machine’s ‘hosts file’ so I...
Patch Your DNS Servers! SigRed
KB ID 0001687 Problem WARNING: This is rated 10 on the CVSS scale. Affected Server OS: Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2, Windows 2016, Windows 2019. Yesterday Microsoft released a critical notice (KB4569509) to address vulnerabilities identified in CVE-2020-1350. Basically, it allows a remote attacker to perform remote code execution on your DNS servers (unless you patch them!) The reason its...
Cisco FTD: AMP/URL Filtering/Threat Detection and AVC
KB ID 0001686 Problem This brings me to the end of my recent FTD articles. Although this is not a complete run-through of all the capabilities, it will point you in the right direction to enable: AMP Inspection. URL Filtering. IDS/IPS Inspection. AVC Inspection. Solution Each of these is a ‘Licensed Feature’, which means it’s going to cost you. Not only that, but you need to have the licences in your Cisco Smart...
Cisco FTD (and ASA) Creating AnyConnect Profiles
KB ID 0001685 Problem A few days ago I did an article on Deploying Cisco AnyConnect with the Cisco FTD; there I glossed over the AnyConnect profile section. For a long time now, we have been able to edit the AnyConnect profile from within the firewall (if we are running ASA code!) But for the FTD we need to take a step backwards and go back to using the ‘offline’ AnyConnect profile editor. Solution Firstly you need to...