Posts

SMA - System Administration Tab was missing

Image
  The issue was licensing The issue was the license under >Management Appliance> System administration > Smart licensing   There was an error there stating that sma stopped communication with smart account for more than 90 days. Go to    sma cli and run >Grep >16 " Tue Jan 14 00:24:08 2025 Warning: Failed to renew certificate of the product with Smart Software Manager due to {"product_instance_identifier":["ProductInstance '870ae19a-351-4bbc-a73a-b8b9aef26166' is not valid"]} " "To resolve this you need to go and re-register the SMA to smart account (smart license > Action > Reregister. Need to create token) " Mon Jan 20 12:20:35 2025 Info: Renew authorization of the product with Smart Software Manager is successful. “

Domains over Split tunnel RA VPN

Use case: Split tunnel remote access VPN   In split tunnel VPN most of the times we are passing clients networks (most of the times private addresses) over the tunnel. That means that the remote workers they are using their local internet line to access the internet.   What if they want to “pass” some urls over the tunnel? Most of the cases that happens if the specific destination need to be accessed from the gateway address.     The solution for this is Dynamic split tunnelling.   This can be configured from group-policy > Anyconnect   > Custom Attributes > +   Select Dynamic Split tunnelling And then Add the url need to be accessed over the split tunnel. *Reminder to allow this traffic from VPN filter if used and access controll used if  sysopt connection permit-vpn is enabled Documentation

WSA Troubleshooting

  grep "212.77" Access_Logs    //Search in access Logs for specific IP grep  1 facebook grep 1 403  <- deny connections Enter the number of the log you wish to grep.      ####edo evalle to expression pou theli na kami match. []> 1 Enter the regular expression to grep. []> gmama  ||facebook  ||  Do you want this search to be case insensitive? [Y]>  Do you want to search for non-matching lines? [N]>  Do you want to tail the logs? [N]> Y Do you want to paginate the output? [N]> tail Access_Logs Live search by using ip and domain as filter grep "10.20.210.52.*box.com" Access_Logs -t

FTD Port-channel troubleshoot

  #Show fault  To display fault information  # connect fxos To connect to the FXOS command shell(4100/9300). (fxos) # show interface ethernet X/Y To view Ethernet interface status. (fxos) # show port-channel summary To display summarised information about configured port channels. (fxos) # show lacp counters interface port-channel X Displays LACP traffic statistics for a particular portchannel (fxos) # show lacp interface ethernet X/Y Displays LACP information for the Ethernet interfaces. (fxos) # show lacp internal event-history interface ethernet X/Y Displays internal LACP events for the specified Ethernet interface

FTD CLUSTER BUG

 FTD Version 7.2.5 when trying to create a cluster  FTD CLI sec-dcfw-01#  Detected Cluster Master. Beginning configuration replication from Master. .. Cryptochecksum (changed): 2f2f9cae ea5dbc33 a1eb4bda 3379b6fb  End configuration replication from Master. Unit is kicked out from cluster because of interface health check failure. Cluster disable is performing cleanup..done. All data interfaces have been shutdown due to clustering being disabled. To recover either enable clustering or remove cluster group configuration. Searching the error i found the bug https://bst.cisco.com/quickview/bug/CSCus54932 Upgrade to 7.4.2 (currently recommended) the cluster builded as expected.

FTD error on FMC "Resource utilization is high"

Image
  First check the FTD Memory > show memory  Free memory:        8373597176 bytes (81%) Used memory:        1992966480 bytes (19%) -------------     ------------------ Total memory:      10366563656 bytes (100%) Login as expert and check TOP. just to see what utilizing the memory > expert  FW01:~$ sudo su We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:     #1) Respect the privacy of others.     #2) Think before you type.     #3) With great power comes great responsibility. Password:  > expert  FW01:~$ sudo su We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:     #1) Respect the privacy of others.     #2) Think before you type.     #3) With great power comes great responsibi...

Solarwinds Interface monitoring

 Solarwinds Interface monitoring on Asymmetric lines Be aware that if you have asymmetric Download and Upload speed from your ISP and add the device on the solarwind you have to manually set the bandwidth of the interface as by default is "reading" the configured one. Even if you have configuration for bandwith and Bandwith receved.