snmp-map in ASA is for passing through traffic only

I don’t know who to blame – me for not being attentive or Cisco documentation for being vague, but when I read about snmp-map inspection that allows you to block selectively by SNMP version I decided it was the way to protect ASA itself from such queries. And only with …



ASA 8.2 now speaks SNMP v3 decently

This article is all about SNMP in ASA. ASA has far fewer configuration options than IOS does, and this is good. Starting with version 8.2, ASA supports version 3 of the SNMP protocol, which adds a new security model to the whole SNMP stack. But first we will start with old …



sla monitor in Cisco ASA land

SLA monitoring is finally here. What is it useful for? To dynamically add/remove routes in ASA depending on the results of the SLA status. Below are the configuration steps, but while there are many words in the command itself there are not many options there, so the command is long but …



Teach Cisco ASA to speak NTP

Time is precious, even more so when you need accurate logging. Let's configure NTP time synchronization on our ASA 5510. The configs are pretty simple, but it is worth remembering a thing or two. ASA cannot be an NTP server, as opposed to IOS. You can use the optional prefer keyword with the ntp server command …



Redundant interfaces in Cisco ASA

In Cisco ASA they call it interface redundancy. The idea is to provide for physical link failure. That is, you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …



Find SmartCenter address on the firewall module

I am sure there are a gazillion ways to find the IP address of the SmartCenter/Security Management Server managing this module, but here comes the one I use. It works on the firewall module as well as on the SmartCenter itself and, even more, gives the same result. Surprising, no? [Expert@FW-XL1]# fw …



Playing with RIP on ASA

Cisco ASA and RIP. RIP has been with ASA for years, and in this article I will try to cover all possible scenarios in configuring, misconfiguring, debugging and verifying it. As I come up with new ideas on how to break RIP on ASA I will update this article as …



Subnet calculator in Checkpoint firewall

Should you ever forget the intricacies of subnetting, Checkpoint has a subnetting calculator right in their firewalls: ipcalc. Given a subnet, show the first IP (network): ipcalc -n 192.168.34.45/27 NETWORK=192.168.34.32 Given a subnet, show the last IP (broadcast): ipcalc -b 192.168.34.45/27 …



Restart Checkpoint Smart Center/Management Server only, without traffic interruption

It is among the top 10 questions I hear on a daily basis, so here is how to restart the Checkpoint Smart Center only (Security Management Server). It is especially useful in a Standalone firewall topology, where the Management Server and Firewall module are installed on the same machine and you don't …



List of valid domain names for load testing DNS

I am currently running a bunch of tests on DNS resolver software called Unbound to see what it is worth, and for that I needed a list of valid domain names in different but controllable TLDs. The only resource I could find to download such a list was a 3 million record file …