Cisco FirePOWER – Update Fails ‘Peer Registration Failed: Registration in Progress’
KB ID 0001162 Problem If you attempt to perform an update on the FirePOWER services module in your firewall, you may see the following error; Error Installation Failed: Peer registration in progress. Please retry in a few moments I found myself in this situation because I’d attempted to register the firewall in the FirePOWER Management Center Appliance, and the process failed, (because the versions were different). So when I...
Cisco Small Business (SG500) Link Aggregation (LAG) With LACP
KB ID 0001277 Problem At work a client was having trouble with a NAS Drive (Buffalo Terastation). It was being used as a backup target and some of the servers were dropping connections. I knew the client had some Catalist 3750’s So I suggested going and creating an Ether Channel to the two NICs in the NAS box, to try and cure the problem. However when I went onsite, I noticed the 3750 didn’t have any spare Gigabit ports...
ASA Setup FirePOWER Services (for ASDM)
KB ID 0001107 Problem Both the 5506-X (rugged version and wireless), and 5508-X now come with a FirePOWER services module inside them. This can be managed from either ASDM* (with OS and ASDM upgraded to the latest version), and via the FireSIGHT management software/appliance. Related Articles, References, Credits, or External Links *UPDATE: All ASA ‘Next-Gen’ firewalls can now have their Firepower Service Module managed...
FMC – AMP Malware Inspection
KB ID 0001159 Problem If you take a look in your SourceFire dashboard, and there is no data shown on the malware threat section like so; Solution The message is pretty descriptive, and it’s telling you exactly what you need to do. Now I’m making the assumption that you have added a valid AMP / Malware licence like so; Policies > Access Control > Edit your access control policy > Then Edit the file policy. Add in...
AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 2)
KB ID 0001156 Problem Carrying on from PART 1 Solution Add > Create Before. Edit the Policy Giv the policy set a name and description > Create a new condition. Set Description to Device Type. Equals > All Device Types (The Device Group You Created Above). Add attribute value. Set Description to RADIUS. NAS-Port-Type-[61]. Equals > Virtual. Edit the Authentication Policy. Change the identity source to the the identity...
AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 1)
KB ID 0001155 Problem To be honest it’s probably a LOT easier to do this with Dynamic Access Policies, but hey, if you have ISE then why not use it for RADIUS, and let it deploy downloadable ACL’s to your remote clients and give them different levels of access, based on their group membership. I’m going to keep things simple, I will have a group for admins that can access anything, and a group for users that can only...