ISA500 Series

Similar Messages

• ISA500 series PCI compliance scans

  We have a single customer who's having a problem with their credit card PCI vendor, First Data, scanning their ISA550W running 1.2.15.  Of all my customers with an ISA500 series device, this is the only customer who has had a PCI vendor tell them they cannot run their scans and that they must whitelist an entire /24 to allow the scans to continue.  The only open port is an encrypted remote support port and there are no other ACLs in place to block anything other than the defaults that ship with the ISA.  Anyone have any ideas why the First Data would have a problem with the ISA550W?

  Thanks for your reply.  First Data http://biz.yahoo.com/ic/14/14441.html well, what can you say, they're big bully and in this case you have to love what ended up being the problem.  First Data sent this to the customer:
  This is an automated email to notify you that a PCI vulnerability scan of the IP  addresses or domains used by CUSTOMER NAME could not be completed. This scan  is included as part of your PCI Rapid Comply services.
  Please confirm  that the following IP addresses or domains are the ones you use for the  transmission of cardholder data. Unless you have paid extra to your Internet  Service Provider to get a "static" IP address, your IP address may have  changed.
  xxx.xxx.xxx.xxx
  Also, please make sure you have added the  following IP addresses to your firewall (and/or IDS/IPS) whitelist:
  38.123.140.0/24 for the duration  of your PCI scan. If another department within your organization (or a vendor)  manages your firewall and IDS/IPS, please make them aware of this scan and  request that the above IP addresses are temporarily added to the  whitelist.
  You need to have a passing PCI scan to be compliant.  Therefore, once you have confirmed that the target hosts are correct and that  your firewall and IDS/IPS whitelist allows access by 38.123.140.0/24, please schedule  another PCI scan of the networks used to process, transmit, or store cardholder  data.
  Thank you,
  First Data PCI Rapid Comply Support Team
  [email protected]
  As you stated, what these fools don't seem to get is by whitelisting their IPs any outside network scans (this isn't done by an internal software scanner but from their remote network) becomes moot.  I tried explaining to their trained monkey that the proper behavior for a firewall that detects remote scans is to block those scans.  The guy kep reading to me off his 3"x5" index card (I'm sure it wasn't a card, but you get my drift).  He clearly had never even seen a firewall let alone managed a network.
  After a couple hours of bouncing around inside First Data and shaking limbs, my customer got a call back from their account rep who stated that they were totally PCI compliant and that the e-mail was BOGUS!  The e-mail was sent out just after 10AM Sunday, 23 June 2013 and we were notified 24 hours later.  So 26 hours later this company who prides itself on being one of the biggest CC processing companies out there is too lazy to send a follow-up e-mail admitting they sent out false notifications wasting their customers' time and mine.  I asked their media rep who called me back about 3 hours after I got the call from the customer, "who gets the bill for my time?"  She had no answer.  Hopefully the lawsuits pending against PCI and CC processors will have a chilling effect on their strong arm tactics and their clueless PCI scans.

• ISA500 series and Shellshock bug

  Hello,
  Would the shellshock bug be corrected with a new firmware for the ISA500 series?
  It would be nice even the support end in November 14.
  And to correct the VPN issue at the same time. It's boring to reboot the device each 2-3 weeks while all tunnel fails.

  Hi,
  For up-to-date information on products affected by 'Shellshock', please see the official Security Advisory at the following link:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  Please note the ISA500 is listed under 'Products Confirmed Not Vulnerable'. 
  Thanks,
  Brandon

• ISA500 Series - Captive Portal

  Hi,
  Is there anyone who have the Captive Portal working properly with a FQDN approved certificate ? I have already installed a approved certifiacte but each time the client is redirected to the Captive Portal default ip address on the ISA router used. Is there any option where it will redirect to a FQDN example the host and domain name of the router - insted of the routers ip adress ?
  Regards
  Tonni

  Hi Tonni, thank you for using our forum, my name is Luis I am part of the Small business Support community. I apologize for your inconvenience, in this case I found an article and I thought that could be helpful in order to configure your Captive Portal.
  http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=3458
  I hope you find this answer useful
  Greetings,
  Luis Arias.
  Cisco Network Support Engineer.

• New Firmware (v2.2.0.7) Released for SA520 SA520W SA540 SA500 Series Routers

  Cisco has released new firmware for the SA500 Series routers.  It's version 2.2.0.7 and can be downloaded here:
  http://software.cisco.com/download/navigator.html?mdfid=282414017&i=rm
  We have been running on this version on our SA540 for months.  Other than some changes to logging that we don't particularly like, it has been a very stable release for us although 2.1.71 was extremely stable in our environment as well.
  Our environment:
  SA540 (gateway router)
  three Linksys E4200 v1 routers (configured in "bridge mode" which turns the devices into WAP's)
  Netgear GS724Tv3 switch (with two ports in LACP link aggregation mode which are used by our Synology NAS)
  Synology DS1812+ NAS (in link aggregation mode)
  Several 5- and 9-port unmanaged switches
  Several Windows machines (PC's, servers, laptops) of many flavors
  Several MAC laptops of many flavors connected via wired and wireless
  Several tablets (iPads, Kindles, Touchpads, Xooms, etc.) of many flavors connected via wireless
  Several smartphones (iPhones, etc.) of many flavors connected via wireless
  At any one time we have ~75 active devices on our network of which ~25 are wireless.  Max ~100 devices.
  We utilize IPS and ProtectLink. We do not take advantage the ProtectLink email protection or license the ProtectLink Endpoint functionality.
  BTW, our cable modem is directly connected to our SA540.  Our SA540 is directly connected to our Netgear switch.  Nothing else is connected to our SA540.  Our Netgear switch, and to a small part our numerous unmanaged switches, do all of the heavy lifting.
  Our SA540 and Netgear switch handle all of the traffic with ease, but we are a relatively small shop.

  Hi Curtis
  Thanks for posting in our forum
  We appreciate your comments about our products, I would add that if you want to see the release note of this new firmware release, you can see it  in the following link.
  http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/release/sa500_rn_2-2-0-7.pdf
  You can also be interested to see our new security devices , the  “ISA500” series.
  http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps11850/ps11752/data_sheet_c78-717565.html
  Greetings
  Johnnatan Rodríguez Miranda
  Cisco Network Support Engineer

• ISA 500 series maximum password lenght

  Hello,
  What is the maximum password lenght that the new ISA500 series supports for users, both local database and with RADIUS server? Our two factor identification needs 44 characters + PIN.
  Thanks.

  Hi John, thank you for using our forum, my name is Johnnatan I am part of the Small business Support community. To answer your question the maximum password length that the ISA500 series supports for users is 1-64 characters and the port range is  from 1 to 65535. I hope you find this answer useful
                                                                            "GuideMe"
  Cisco has a very useful tool called GuideMe, is made for small business products, and your device is in this category, you can use this address for accessing the tool:  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?alt1=&pid=4&eroute=Super , is very easy to use, just complete the 3  spaces on this way:
  Select a category: (Select the device type on request), e.g. Routers
  Enter model: (Type the model on request), e.g. RV042
  Question: (Type what you want to know  about the device), e.g. VPN
  And it'll be showing all the information you need about what you wrote.
  “Please rate useful posts so other users can benefit from it”
  Greetings, 
  Johnnatan Rodriguez Miranda.
  Cisco Network Support Engineer.

• Official replacement for the SR520 in SBCS (UC500) deployments

  Now that the SR520 as well as the SA500 series are EoL/EoS, what is the officially supported equipment (ie. configurable through CCA) for small teleworker and remote offices using the UC500 SBCS system? Is it the ISA500?

  Dear Partner,
  Thank you for reaching Cisco Small Business Support Community.
  The ISA570W or the RV215W would be the best equipment to get that combines highly secure Internet, wireless, site-to-site, and remote access VPN plus many other features to accomplish today's needs and challenges. Please refer to their datasheets for details
  ISA500 series datasheet;
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps11850/ps11752/data_sheet_c78-717565.html
  RV215W datasheet;
  http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps12678/data_sheet_c78-712088.html
  Please let me know if there is anything else we may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• ISA 570 utm log view

  Hi,
  I configured ISA 570 Web URL Filtering policy assigned to Zone , its working and blocking the website as per confiuration ,
  but i am not able view the detail log , which website it blocked and visted by which user.Please help to do the same.
  Thanks
  kunal

  Hello Kunalmausam83,
  Have you tried setting the Log Facilities on the device? You can control what type of logs are sent where. For instance, you can choose to have the Web URL Filtering logs be sent to an email, remote log, or the local log.
  Here is an article that shows you how you can do this:
  Log Facilities on ISA500 Series Integrated Security Appliances
  I hope this helps!

• ISA570 Block Non-HTTP Access by FQDN instead of IP Address

  Does anyone know a way to block any access to a site by FQDN instead of its ip address on the ISA500 series devices?  I know you can block website access with Web URL filtering using FQDNs, but what it you want to block non-HTTP traffic to a site that has either multiple IPs or dynamic IPs?  I typically use  Address Management to setup sites that I want to limit or block, but you have to define specific IPs or ranges and that doesn't always work especially if host IPs are dynamic.   Also, host static IPs can change over time so even if you define them in Address Management you have to periodically audit them to make sure they are still correct.
  This is not only an issue with blocking sites, but also in trying to define QoS policies as those use addresses defined in Address Management which again use specific IPs or ranges.  I am just trying to find a more reliable, long term, method of doing these types of management activities on the ISA500 devices.
  Thanks for any advice.

  I am pretty sure you cannot do this on ISA.  I think you could use opendns.com to accomplish blocking non-http sites by FQDN.  You could do blocking and QOS by FQDN  with what Cisco generally considers the replacement for this product, the Meraki MX60.

• SA520W shellshock?

  I saw this notice about ISA500 series being vulnerable.
  https://tools.cisco.com/bugsearch/bug/CSCur05513 
  Here is a list of open source software used in the ISA series
  http://www.cisco.com/c/dam/en/us/td/docs/security/small_business_security/isa500/release/1-1-13/ISA570_OSD_1-1-X.pdf 
  I don't understand where is vulnerability is, BusyBox uses Ash not Bash. Where is bash on the ISA?
  The reason i ask is because i have an SA520W, which i think is quite similar, but not directly mention in the announcement.
  Here is a list of SA520 open source software 
  http://www.cisco.com/c/dam/en/us/td/docs/security/multi_function_security/multi_function_security_appliance/sa_500/release/SA500_OSD_2_2_0_x.pdf

  Hi,
  For up-to-date information on products affected by 'Shellshock', please see the official Security Advisory at the following link:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  Please note the ISA500 is listed under 'Products Confirmed Not Vulnerable'.  Other products are still being investigated.
  Thanks,
  Brandon

• New DVR Scheduler Bugs: Priority Settings No Longer Working, Scrolling Series Schedules is Flakey

  Hi,
  After this last HD DVR update, I have two new problems:
  1) I can no longer set the priority of most of my series schedules. I have about 100 series schedule entries, which the DVR update probably wasn't tested for.
  Now when I try to set a series priority, it LOOKS like it worked, but if I get out of DVR options and go back into Manage Recordings, 90% of the time I find that the series priority is either unchanged, or (even worse) has bounced up to some unexpected random priority - Thus, I have to search the series list  to find it - Then I cannot move it back to where it's supposed to be!
  It seems that only moving a series priority a little bit will sometimes work, but moving the series from near the top of the list to near the bottom (or vice-versa) doesn't work at all, even though it may appear like it worked until the list is refreshed (either by paging up and down the list a few times, or by exiting the DVR manager and going back in).
  2) The scrolling is messed up now in the series schedule manager - When setting Priority, as I scrool up or down from the middle of the list using the arrow or Page buttons,  the list will end unexpectedly, making it impossible to actually drag the series to the bottom or top of the list. Then if you deposit the series at the "end" of the list, suddenly the rest of the list will then magically appear (of course, the series schedule you deposited there will no longer be where you deposited it - See problem #1). Obviously the list is running out of buffer space, so the next part of the list isn't being loaded while you're in the process of changing a series priority..
  Scrolling is also messed up just scrolling through the list without changing priority: Scrolling through my series schedules USED to be very FAST and painless using the Page (Channel) up/down button, I could scroll from top to bottom of my 100 series schedules in a matter of like 5 seconds. NOW, it takes forever and is a real pain to scroll from top to bottom, because the scrolling pauses on just about every other page - As though it ran out of buffer space and is having trouble loading the next buffer.
  I have a lot of series schedule entries so all the First-run Programs are at the top of the priority list, then all the re-runs are in the bottom half of the list. That's the only way I have found to prevent Re-Runs from hijacking new programs, since there's no DVR option to prevent re-runs from inteferring with new episodes (BTW, in order for this to work, the First-Run schedule must be created first. Then a duplicate First-Run and Reruns schedule must be created - Creating them in reverse order will throw a "Duplicate" error message).
  The DVR software has always been buggy and feature-depribed, but this is rediculous - To think the programming team didn't even test the scrolling and priority of series schedules is as bad as the ObamaCare website, and that's setting a very low bar! You HAVE to test EVERYTHING when you release new updates, even if the programmers say it won't affect anything else, because from my experience programmers develop tunnel vision (been there, done that myself), and if you have more than one person on the programming team, neither programmer will communicate their changes to anyone else (been there, done that too).

  I have the identical problem after the recent software upgrade which VERIZON did to my DVR.
  In addition, I have "Manual Series" listed under the "Manage Series Recordings" section of my DVR for about 10 of the tv shows that I have tagged to be recorded weekly. Several others have reported this seemingly related problem to this forum.
  I've tried twice to report the latter problem to VERIZON's technical support staff, but met with indifference in the first attempt (a guy recommended that I replace my DVR with a new one - an utterly ridiculous suggestion), and in my second attempt I got a somewhat helpful lady who couldn't correct this glitch and was unaware of others having same problem but promised to send it up the flagpole to higher level tech folks (best action that I realistically could get).
  As I told VERIZON's techies, I likely was not the only customer experiencing these problems - and your and others postings to this forum confirm my initial hunch.  VERIZON leaves a lot to be desired in the testing of their software "upgrades".

• I am having a major issues to report machine -G6 series

  Hi. Team
                  This is a serious customer issue that I have to report .I am Owning an HP G6 series laptop. After 7 months of purchase I am facing lots of issue with this. The system is getting stucked sometimes and the controllers  of Keyboard and mouse are not working, While the time of boot up it is making big noise. All these issues I have reported to authorized service center of HP Maha electronics(Cochin).And the engineers over there observed the issue and replaced my hard disk two times. But the fact is like I am still facing the issue. Till today I have given two times to authorized HP service center (Maha electronics )Cochin. Days after the second time repair I had gone to US and I was unable to report the issue for the third time. I recently came to India and I have reported the issue in HP authorized service center (Maha Electronic)Bangalore. But by that time I came to know that my machines warrantee got over.And they neglected my request saying it cannot be done under warrantee.
                  Team, Please think that I have reported the problem during the time of warrantee itself, And your engineers couldn’t able to repair it properly to me.Frankly speaking, They have kept my laptop more than weeks under their custody for observation. But they were failed to find out the root cause of the issue. The folks reading this mail might be thinking that this issue can be, Now because of damage of some other stuff, but it’s absolutely no, Why because, You folks can check the description of the problem with the laptop during my first repair visit(Check the slip’s issue’s reported description) With this serial no([Personal Information Removed]).And still they are not specific about the root cause. This was happened mainly in (Maha Electronics)Cochin. They are not specific about the issue changing all parts by parts without any logical sense.
                  Folks, Act sensibly to your customer. It’s because of deep sadness I am saying these words. I was having 100% trust with your product(HP).But Now ,if anyone ask me about to which laptop to go with, I am having no words to tell them. How can I believe your engineers and give my words to my fellow beings.
  Thanks And Regards.
  Nijil [Personal Information Removed]

  Sorry to say we folks are not HP employees and have no access to your service records so there is not much help we can provide other than moral support

• SSRS 2008 Column Chart with Calculated Series (moving average) "formula error - there are not enough data points for the period" error

  I have a simple column chart grouping on 1 value on the category axis.  For simplicity's sake, we are plotting $ amounts grouping by Month on the category axis.  I right click on the data series and choose "Add calculated series...".  I choose moving average.  I want to move the average over at least 2 periods.
  When I run the report, I get the error "Formula error - there are not enough data points for the period".  The way the report is, I never have a guaranteed number of categories (there could be one or there could be 5).  When there is 2 or more, the chart renders fine, however, when there is only 1 value, instead of suppressing the moving average line, I get that error and the chart shows nothing.
  I don't think this is entirely acceptable for our end users.  At a minimum, I would think the moving average line would be suppressed instead of hiding the entire chart.  Does anyone know of any workarounds or do I have to enter another ms. connect bug/design consideration.
  Thank you,
  Dan

  I was having the same error while trying to plot a moving average across 7 days. The work around I found was rather simple.
  If you right click your report in the solution explorer and select "View Code" it will give you the underlying XML of the report. Find the entry for the value of your calculated series and enter a formula to dynamically create your periods.
  <ChartFormulaParameter Name="Period">
                    <Value>=IIf(Count(Fields!Calls.Value) >= 7 ,7, (Count(Fields!Calls.Value)))</Value>
  </ChartFormulaParameter>
  What I'm doing here is getting the row count of records returned in the chart. If the returned rows are greater than or equal to 7 (The amount of days I want the average) it will set the points to 7. If not, it will set the number to the amount of returned rows. So far this has worked great. I'm probably going to add more code to handle no records returned although in my case that shouldn't happen but, you never know.
  A side note:
  If you open the calculated series properties in the designer, you will notice the number of periods is set to "0". If you change this it will overwrite your custom formula in the XML.

• SSRS show trend chart over column chart per series groups

  Need help in designing following report in SSRS, where I have a chart report with 2 category grouping fields and 1 series group field (as with category grouping, the reason being, i need to show columns in group of 4 joined together based on their grouping
  on top) .
  Below are my queries
  1. how to show my category grouping values on top of chart (showing group in different color) and series grouping values on bottom of chart (under each bar)
  2. I need to show trend line over each series group data.
  For example, First category group is over hotel name, second category group is over room type (deluxe, executive & suite) and one Series group over week number (for a month report), and the chart value is total occupancy (per hotel per room type per week
  number). Now for point 1, Hotel name and room type needs to be on top of the column (total occupancy) chart, where a week iteration number (1,2,3,4 for a month) at the bottom of the chart under every column.
  And for point 2, I need to show trend line per room per week occupancy was improved or not.
  Regards, Sujay

  Hi Sujay,
  According to your description, you want to display the two category group values at the top of the total occupancy value. Also you want to create a trend line over series values.
  For your first requirement, you can specify the Label data as a combination of two category group values and total occupancy values. Then change the location of series group value legend. Please refer to below screenshot.
  For your second requirement, you can add additional total occupancy values to the Chart Data panel, then change the chart type as Smooth Line.
  If you have any question, please feel free to ask.
  Best regards,
  Qiuyun Yu
  Qiuyun Yu
  TechNet Community Support

• SSRS Chart group dataset by Year (series groups)/Month (category groups) force intervals to start at JAN?

  Hi all,
  trying to figure this out in REPORT BUILDER, but I guess I can go to VS if needed...
  I've got a data set that says "sales" and its basically order summarycontaining:
  id, dateplaced, and other stuff...
  I want to use this dataset to show trendline for annual qty of orders
  created line chart with "countDistinct(id)" as the series for X
  category groups = groupby "=Month(dateplaced)" and label "=MonthName(Month(dateplaced)"
  series groups = group by "=Year(dateplaced)" and label the same.
  I think this is working as intended, please correct if not.
  The PROBLEM I'm seeing is that since my dataset returns data starting around september so my "axis" starts in september... I really would prefer it starts at Jan and ends in December... I can't see any way to do this...
  The only things I could think of are;
  put fake data in dataset that returns "empty" values for jan in the first year of data...
  change the query completely to make sure tehre are "year" "month" groupings... somehow...
  but both of these approaches seem to be "hacky" and not very maintainable or clear...
  Help!

  Hi noJedi,
  According to your description, you want to you have the category group in your chart always start from January. Right?
  In Reporting Services, when we set category group, the records will sort by the sequence of data in database by default. However, we can apply expression in
  Sorting so that those records can sort by the month. We have tested your scenario in our local environment, here are steps and screenshots for your reference:
  1. Create a chart and put the corresponding expression into category and series group.
  2. Right click on category group. Go to Sorting tab. Put the expression below into sorting expression.
  3. Save and preview. The result looks like below:
  Reference:
  Sort Data in a Data Region (Report Builder and SSRS)
  If you have any question, please feel free to ask.
  Best Regards,
  Simon Hou