About mmmccorkle

Hey Cheon, According to this document... How to Configure Minimum Password Complexity for User Accounts  , these features are for local administrator accounts only. Thanks! ... View more

Hey Gafrol and cheon They both share the same internal bug ID 45996. According to the notes, they found three different variations of this vulnerability and split it into three different threat IDs. 30852 35090 and 35107. This was shipped out with content version 337. Yes, the cover the same threat but cover different variations, apparently. Thanks! ... View more

Hey Skidoohead, Let me lay out multiple scenarios for you. 1. The firewall has a local definition for the file in question.      - When the firewall is set to scan the supported file types, it will check the local database and compare the md5 hash of the file. If the md5 hash is found, it will take the appropriate action, as configured. The file, if malicious and configured correctly, will not be allowed to pass. 2. The firewall does not have a local definition for the file in question, but the cloud has seen the file before.       - The firewall checks the local definitions for the md5 hash and it finds nothing. It then reaches out to the cloud and checks for the md5 hash there. We find a match and the cloud reports back and tells us what its verdict was. The file, if malicious and configured correctly, will not be allowed to pass. This happens within milliseconds and you will see a 'wildfire-upload-skip' in the submission logs. 3. The firewall does not have a local definition for the file in question and neither does the cloud.      - Same as all the other scenarios, but this file has not yet been scanned by the cloud therefore no verdict has been determined. The file will be uploaded to the cloud and the cloud will reply back as soon as it has a verdict on the file. In this scenario, the file will be allowed to pass the first time. Wildfire will not hold the email/file captive in the firewall until a determination has been made. This is not how Wildfire works. Let me know if I can clarify anything. Thanks! ... View more

I also have a case where this was mentioned during a migration from CP. Looks like this was the same case after all Thanks for providing further information. I am reaching out to the appropriate team to bring this to their attention. For reference: 346260 ... View more

Satish, The SSLv3 is not disabled for you although you are running 6.1.2? Thanks ... View more

Alle, We should be able to take the same policy configured for what was in place (2050) and apply it to the new (5020) assuming that they will be running the same version. If you were going from the 5020 to the 2050, I'd say this would be a little more difficult. Should be straight forward... let me know if we can clarify anything more specific you run into. Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Mandar, As mentioned by Gregoux, the client will connect to the gateway with the quickest response time. Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Mikebowler, This will not directly answer your question, but will provide some details on active/active vs. active/passive. HA Active Active vs Active Passive.pptx Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Sigma, In regards to your note on the missing logs, I would imagine we would see something, even if it fails as the responder. Can you verify if there is any dropped packets on the firewall coming from that ASA? Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Sven_Lieckfeldt, and just to confirm... those specific machines were never logged into with credentials prior to this happening? Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Rich.hansen, Have we narrowed down the relevant traffic logs to see what the firewall is doing with that traffic? If so, please provide us with this information. Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Efurtado, In addition to the above statement, can you confirm that the zip archives were not password protected or zipped into multiple layers? Thanks ... View more

Kevin, Hmmm... So to block this you would need to know something like their IP address, right? Otherwise the only 'block' will be denying that user access. I'm sure that their IP address will be constantly changing as they are on a mobile device. If we are not wanting to reply on just the username/credentials being denied and the firewall logging this, then that is the only possible solution I could think of. How else could we block this? Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more

Jcampbell01, In addition to what was mentioned above, last time I checked, we are unable to remove these default accounts. Thanks! Please do not forget to mark and 'Helpful' or 'Correct' replies. ... View more