Cisco FTD: AMP/URL Filtering/Threat Detection and AVC
Jul15

KB ID 0001686 Problem This brings me to the end of my recent FTD articles. Although this is not a complete run through of all the capabilities, it will point you in the right direction to enable: AMP Inspection, URL Filtering, IDS/IPS Inspection, and AVC Inspection. Solution Each of these is a ‘Licensed Feature’ which means it’s going to cost you. Not only that, but you need to have the licences in your Cisco Smart...

Cisco FTD (and ASA) Creating AnyConnect Profiles
Jul07

KB ID 0001685 Problem A few days ago I did an article on Deploying Cisco AnyConnect with the Cisco FTD, there I glossed over the AnyConnect profile section. For a long time now, we have been able to edit the AnyConnect profile from within the firewall (if we are running ASA code!) But for the FTD we need to take a step backwards and go back to using the ‘offline’ AnyConnect profile editor. Solution Firstly you need to...

Windows Server DHCP Failover & Load Balancing
Jul06

DHCP Failover KB ID 0001488 Problem Applicable to: Server 2012/2016/2019/2022 Even though we have had this functionality for a while, I’m still seeing people deploy DHCP scopes (split 80/20) across two servers? You can deploy multiple DHCP servers to serve the SAME DHCP scopes, in either load balanced, or hot standby deployment. Solution: DHCP Failover I’m assuming you already have one DHCP server setup and, with a...

Outlook (for macOS) Notifications Stopped Working
Jul02

KB ID 0001684 Problem Like most of us I spend my working day based around Outlook calendar meetings and entries, I’ve even got birthdays and anniversaries in there. So recently when the notification pop-ups stopped working, it was a potential problem. Occasionally I could hear the notification ‘sound’, but I had to open Outlook and change to the notification window to see them. When you are as absent minded as me,...

Cisco ASA VPN Static to Dynamic IP (DHCP)
Jul01

KB ID 0001683 Problem I had a call with a client last week, they are in one of my employer’s DCs, and their servers are behind a vASA. They had purchased some Meraki MX devices for their IT team who were working remotely (during the Covid-19 lockdown), and were struggling. Normally we would just suggest AnyConnect, but these guys were building new machines for their clients, and needed access directly to the domain from their...

Cisco FTD Deploy AnyConnect (from FDM)
Jun26

KB ID 0001682 Problem In this article I will focus on ‘Remote Access’ VPN, which for Cisco FTD means using the AnyConnect client. I’ve spent years deploying this solution for ASA so it’s a product I know well. As with all things Cisco, there are a couple of things that could trip you up. Let’s get them out of the way first. If you are used to AnyConnect then you probably have the client software. It’s the...

Cisco FTD Site to Site VPN
Jun18

KB ID 0001681 Problem While working out how to create a VPN on the Cisco FTD (Firepower 1010), I thought I might as well set it up to the Cisco ASA that I have in the Data Center on my test network. This is what I’m connecting; Create Site to Site VPN On Cisco FTD (using FDM) Using a web browser connect to the device’s FDM > Site to Site VPN > View Configuration. Create Site-to-site-connection. Connection profile name:...

Remove and Reinstall Microsoft WSUS
Jun17

KB ID 0001679 Problem I don’t like WSUS, the product is OK (ish) the problem with it is, every time it’s deployed, typically the person it was deployed for never looks after it, or manages it properly, and months/years later it becomes a massive ‘bag of spanners’, which is never the client’s fault, it’s always the poor guy who built it, or the support company’s fault. If you run WSUS, log into...

Configure Cisco FTD Port Forwarding (via FDM)
Jun17

KB ID 0001680 Problem You have a Cisco FTD device that you manage via FDM, and you would like to set up port forwarding. In the example below I will forward TCP Port 80 (HTTP) traffic from the outside interface of my FTD Device (Firepower 1010) to an internal web server on 10.254.254.212. Solution (Step 1: Create an FTD NAT Policy) Using a web browser connect to the FDM > Policies > NAT > Add. Set the following options; Title:...

Cisco Firepower 1010 (FTD) Initial Setup
Jun16

KB ID 0001678 If you’re here you’ve either purchased a new Cisco Firepower device running FTD (FirePower Threat Defence) or have re-imaged your Firepower device from ASA to FTD code. On its factory defaults, the unit will have the following settings. Inside IP address (VLAN 1) 192.168.1.1 (on all interfaces from 2 to 8). Outside IP Address set to DHCP in interface 1. Management IP address 192.168.45.1 on the Management...
