Few questions you will most probably hear on your next job interview.

Lately, for whatever reason it may be, many of my friends/colleagues/acquaintances switched the jobs and mostly because they wanted to. And hearing their accounts of job search I catch myself that while offered positions and employers differ there are ever returning themes/questions that arise on the job …



Number of connected SecureClient or Secureremote users

Here is how to see number of connected to the gateway users. Nothing special/interesting and I am sure somewhere in the SecureKnowledgeBase it is to be found but with recent licensing improvements people ask a lot about that. VALS - real-time number of currently connected users. PEAK - largest number of …



Checkpoint - turn netconf.C routes into linux route command

I must confess that I prefer good solutions today over perfect solutions tomorrow. So when the need aroused to do a script that takes netconf.C and transforms all the route statements in it to the general linux form of "route add xxx" I did this one-liner you can see …



snmp-map in ASA is for passing through traffic only

I don’t know who to blame – me for not being attentive or Cisco documentation for being vague, but when I read about snmp-map inspection that allows you to block selectively by SNMP version I decided it was the way to protect ASA itself from such queries. And only with …



ASA 8.2 now speaks SNMP v3 decently

This article is all about SNMP in ASA. ASA has much less configuration options than IOS does, and this is good. Starting version 8.2 ASA supports version 3 of the SNMP protocol which adds new security model to the whole SNMP stack. But first we will start with old …



sla monitor in Cisco ASA land

SLA monitoring is finally here. What is it useful for ? To add/remove dynamically routes in ASA depending on results of the SLA status. Below is configuration steps but while there are many words in the command itself there are not much options there , so the command is long but …



Teach Cisco ASA to speak NTP

Time is precious, even more when you need accurate logging . Let's configure NTP time synchronization on our ASA 5510. Configs are pretty simple, but worth remembering a thing or two. ASA can not be NTP server as opposed to IOS. You can use prefer optional keyword with ntp server command …



Redundant interfaces in Cisco ASA

In Cisco ASA they called it interface redundancy. The idea is to provide for the physical link failure. That is – you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …



Find SmartCenter address on the firewall module

I am sure there are gazillion ways to find the IP address of the managing this module SmartCenter/ Security Management Server, but here comes the one I use. Works on firewall module as well as on the SmartCenter itself , even more - gives the same result, surprising no ? [Expert@FW-XL1]# fw …



Playing with RIP on ASA

Cisco ASA and RIP RIP has been with ASA for years and in this article I will try to cover all possible scenarios in configuring, misconfiguring. debugging and verifying it. As I come up with new ideas how to break the RIP on ASA I will update this article as …