Hitting 100% CPU after restore on Firepower Management Center

I recently purchased a new microserver to reduce my power footprint at home. And I had to move the FMC (Firepower Management Center) from the OpenStack deployment that I previously ran at home. However, I ran into several bugs in OpenStack that were fixed in later versions, but I couldn’t upgrade because of another bug. Essentially I hit a catch-22 and had to deploy a new FMC on that new microserver and use a restore to move the data and policies. In that process I did hit a bug for which I’d like to share some info on. Continue reading “Hitting 100% CPU after restore on Firepower Management Center”

Firepower on ASA, Firepower Threat Defense, what is what?

Yesterday (5 sept) Cisco finally released Firepower Threat Defense 6.2.2 Now is a new update not always a big thing but this specific release had me waiting for quite some time. Key to this release is the support of remote access VPN (e.g. anyconnect) in the FTD image. So FTD was already available on ASA5500-X platform, but if you used anyconnect on your ASA, you just had to wait for this release. But what now is the difference between Firepower on ASA and FTD.. Continue reading “Firepower on ASA, Firepower Threat Defense, what is what?”

DMVPN DualHub EIGRP Traffic Engineering

With the advance of vDSL, Fiber, cable Internet and the appropriate SLA’s bussiness Internet connections have become increasingly reliable. By choosing the local ISP’s carefully it is much more interesting for a company to replace the MPLS connections for an Overlay network based on redundant Internet connections. As a result businesses quite often obtain a higher speed connection for much lower rates. One of the business cases I made in 2006/2007 had a 70% decrease in annual costs compared to their European WAN line based on an MPLS service provider including High Availability. Continue reading “DMVPN DualHub EIGRP Traffic Engineering”