In this post we are going to see how we can use the Firepower geolocation feature in the access control policy. The Firepower geolocation comes in handy if you want to block the traffic from or to one or more countries, or even one or more continents. The FMC has…
In this post you will see what could be the root cause of getting the “WARNING: The ID certificate associated with trust-point contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use.” message on the ASA when you try to associate…
In this post I will share with you how to fix the AnyConnect Management Tunnel Disconnected (connect failed) error, but before jumping in, here is a quick heads-up on what AnyConnect Management Tunnel is. AnyConnect Management Tunnel is a very cool feature that allows us to do some maintenance works…
This post will cover one interesting root cause of getting AnyConnect Certificate Validation Failure. I was working on setting up a Cisco AnyConnect Management Tunnel, which I will cover in another post, and for some reason when I was trying to establish AnyConnect SSL VPN from a Windows client, it…
This post covers a potential issue that might cause a Palo Alto VPN tunnel to be up but with no traffic flowing between the encryption domains. Here is the scenario I came across with a site-to-site VPN tunnel between a Palo Alto and a Cisco ASA behind a…
This post will cover how to configure a Palo Alto site-to-site VPN with Cisco ASA. However, the post will not cover any of the ASA configuration parts, but please check out the Cisco documentation at this link if required. Configuring a site-to-site VPN tunnel on Palo Alto firewalls is not…
When it comes to security, the word blacklist is always tied to something bad. However, this is not the case when we deal with health policies in Cisco FMC. FMC offers a nice feature called health monitor blacklist. This feature allows us to suppress the health alerts related to one…
In this post I will show you how to promote the ISE secondary PAN to be the primary. The process is pretty easy; the only thing is that there would not be a way to do this from the primary PAN. So, to promote the secondary PAN to be the primary…
In this post I will show you how easy it is to use Active Directory OUs in Cisco ISE authorization rules. Although it is not very common, there are still a lot of companies around that are using Active Directory OUs to segregate the users in Active Directory rather…
In this post I am going to show you how to shut down Cisco FMC. I know it might seem basic, but some of us might not have come across this task before. That would be the case if you are not 100% focused on the FMC on a day to…