Todd Lammle Official Blog

…So in the last month, I had a couple customers that saw wildly different ICMP/PING delays when testing through an FTD box, however, I couldn’t replicate the issue on FTD boxes that weren’t running on top of FXOS meaning that I only saw the issue with 4100/9300’s. Cisco finally released a bug and fix, which […]

More

Cisco Bug CSCvn57284 – Unsupported EC curve x25519 on FTD  I just started running into this the last couple of days. About 1/3rd of the SSL websites I try to view with SSL decryption enabled fail with a SSL Block and the error “UNSUPPORTED_EC_CURVE (0xb9001d57)” in the connection log. Based on the x25519 curve in […]

More

I just can’t post all the bugs and fixes from Cisco, but over the last day or so Cisco has received thousands of calls on this bug – almost more than any other! So it’s worth your time to read… It’s an older bug, but I’d wager that it recently got added to someone’s attack […]

More

Here is what the documentation tells you about VPN traffic in 6.3. It’s an interesting read. Pay attention to the part I bolded: Quote From 6.3 Release notes: Changed default behavior for VPN traffic handling in the access control policy (sysopt connection permit-vpn ). The default behavior for how VPN traffic is handled by the […]

More

There are a couple new important changes in Firepower 6.3 code that fixed issues for a lot of my customers and all of my students. I had always known the work arounds for these issues, but by the time a customer either came to class or contacted me, they were frustrated beyond all belief. I […]

More

The new Cisco Firepower 6.3 code has a new feature, but you may find it more annoying than not. As soon as you login to your FMC you will be treated with a “How To” link on the bottom right of the FMC. By clicking this, you will receive a menu that you can use […]

More

There is a new Specific License Reservation available for approved customers.  This allows the using the Firepower Management Center (FMC) on an air-gapped network.  Previously, the only way to use the smart license feature was to have either Internet access or a satellite license server.  Now a special license can be installed which is valid […]

More

Well, the release of Firepower 6.3 is now upon us!  This release brings several long awaited features including multi-instance and FQDN Access Control rules.  Let’s take a closer look at some of the highlights. Licensing There is a new Specific License Reservation available for approved customers.  This allows the using the Firepower Management Center (FMC) […]

More

What does Cisco LINA stand for? What is Cisco LINA? Both really good questions…. LINA The Cisco ASA uses a single monolithic binary (ELF) running directly on the main CPU and the ASA firmware is a Linux operating system running a single ELF called LINA.  The older PIX devices ran on a custom OS called […]

More

Nov 5th & Dec 3rd week Firepower/FTD students: There are now close to 80 hands-on labs in my intense Firepower/FTD class! www.lammle.com/firepower Receive my new FTD 6.2.3 full Video series! Rent Pods to practice labs!  

More

In all my years of working with SourceFire and then ASA with Firepower, and now Firepower Threat Defense (FTD), I’ve never had a single problem with the VDB – until this week. Cisco put out a BAD VDB (300) that deletes the applications in your ACP. This is pretty horrible right? So let’s just delete […]

More

Update to this post 4/15/2019 Cisco is going to be releasing a new FTD migration tool soon. Cisco has added optimizations to the tool, to help users drop objects that are not reference in any of the rules, or to disable rules that have not been hit over time. Firepower Migration Tool is the one […]

More

Todd Lammle, LLC Cisco Firepower & Pure FTD class will teach you the fundamentals from the ground up, with no Power Points & only real life labs, how to configure, monitor and troubleshoot Firepower, and truly understand the FTD packet flow, which is critical to managing enterprise level Firepower clients. This is the only pure […]

More

Customers and students always ask me how to see what is in the  Firepower objects updated by the Cisco feed, so this blog will show you how to find this information. Security Intelligence is an object category that contains three different types of objects.  These are: Network DNS URL You can find and manage all […]

More

Let’s to through the directions on how to perform downloading advanced troubleshooting files on a 2100 as well as a 4100/9300. The commands are only slightly different between the 2100 and 4100/9300; understand that the 2100 only will create one file, and the 4100/9300 creates from 3 to 5 files, depending on the modules installed. […]

More

Password Reset First, here is how you reset the password, and then we can get in and reset the box back to factory default 1. Reboot 2. Use BREAK, ESC or CTRL+L to interrupt boot 3. Find the boot flash command and make a note of kickstart image and system image 4. Load the kickstart […]

More

There are 3 types of streamer issues in the Cisco Firepower FMC and in different releases. The first is the enforcement of TLS, which was introduced in 6.1. That broke the most integrations. The second issue is eStreamer documentation requires a two-way SSL authentication. At some point, the client part of authentication started failing because […]

More

It’s hard to understand how to traverse the CLI prompts when your in the 4100/9300 FTD devices. Here is a diagram on how you can easily traverse the Cisco FTD CLI from the FXOS module. By using these commands, you won’t have to open a CLI to the FXOS AND to the FTD console.

More

So many customers and students ask me about how to see the NAT events in their FMC and my answer is no way, nada, nope – not going to happen. By looking at the detailed packet flow of Cisco FTD devices posted in an earlier post, we can understand why we can’t see the Lina […]

More

It’s important to understand the packet flow for a FTD device. By understanding the flow you can both troubleshoot and create true policy, and knowing your detection process will impact 2 things: • How you analyze the data • How you tune your security appliance Optimizing detection also becomes easier when you understand the complete […]

More