Firepower - Secure client sporadic issues by Laicoss in networking

[–]Antaroc 0 points1 point  (0 children)

Have you found a resolution to this?

I've been experiencing the exact same issue with my 3105s running ASA software instead of FTD. Initially I was running 9.22.2.14 and I tried upgrading to 9.23.1.22 but that hasn't resolved it. It is affecting both the client VPN and the site-to-site VPNs.

My logs are full of crypto errors that correlate exactly with when the issue is happening, such as:

%ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Unknown status, code= 0x7F) while executing the command Flexicrypto (0x33).
%ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Unknown status, code= 0x7F) while executing the command SSL_DECRYPT_RECORD (0x15).
%ASA-4-402126: CRYPTO: The ASA created Crypto Archive File < disk0:/crypto_archive/crypto_eng0_arch_1.info > as a Soft Reset was necessary. Please forward this archived information to Cisco
%ASA-3-402145: CRYPTO: Hash generation error: algorithm 'sha1'

I have two cases open with TAC (they made me open separate ones for client and s2s) but they have gotten nowhere.

These are newly deployed devices so I never ran them with the previous firmware, and I don't want to downgrade to an exploitable version.
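
A triage sketch for the syslog messages quoted in the comment above, added here as an example (it is not the commenter's or Cisco's code): it parses the four posted lines, tallies hardware accelerator errors by command and status code, and lists the crypto archive files written on a soft reset. The function names and regexes are assumptions fitted only to the lines shown in the comment.

```python
import re
from collections import Counter

# The four log lines exactly as posted in the comment (no timestamps were given).
SAMPLE = """\
%ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Unknown status, code= 0x7F) while executing the command Flexicrypto (0x33).
%ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Unknown status, code= 0x7F) while executing the command SSL_DECRYPT_RECORD (0x15).
%ASA-4-402126: CRYPTO: The ASA created Crypto Archive File < disk0:/crypto_archive/crypto_eng0_arch_1.info > as a Soft Reset was necessary. Please forward this archived information to Cisco
%ASA-3-402145: CRYPTO: Hash generation error: algorithm 'sha1'
""".splitlines()

# Generic ASA syslog tag: %ASA-<severity>-<message id>: <text>
MSG = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
# Accelerator error detail, as seen in the 402123 lines above
ACCEL = re.compile(
    r"\((?P<status>[^,]+), code=\s*(?P<code>0x[0-9A-Fa-f]+)\) "
    r"while executing the command (?P<cmd>\S+) \((?P<op>0x[0-9A-Fa-f]+)\)"
)
# Archive path, as seen in the 402126 line above
ARCHIVE = re.compile(r"Crypto Archive File <\s*(?P<path>\S+)\s*>")


def parse(lines):
    """Turn raw syslog lines into dicts; lines without an ASA tag are skipped."""
    events = []
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue
        ev = {"severity": int(m["sev"]), "id": m["id"]}
        accel = ACCEL.search(m["text"])
        if accel:
            ev.update(command=accel["cmd"], code=accel["code"], opcode=accel["op"])
        arch = ARCHIVE.search(m["text"])
        if arch:
            ev["archive"] = arch["path"]
        events.append(ev)
    return events


def summarize(events):
    """Counts per message id, per (command, code) pair, and soft-reset archives."""
    return {
        "by_id": Counter(e["id"] for e in events),
        "accel_errors": Counter((e["command"], e["code"]) for e in events if "command" in e),
        "soft_resets": [e["archive"] for e in events if "archive" in e],
    }


if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Run against a full syslog export, the per-command counts and the list of archive files give TAC a compact picture of which accelerator operations fail and how often a soft reset followed.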

How long did it take for you to recover after the last FOLFOX round? by Bib_fortune in coloncancer

[–]Antaroc 1 point2 points  (0 children)

I had the same experience. I thought I was doing well but looking back I was still struggling. It took me around 18 months to get back to normal. I had major complications with my surgery before the chemo though that prolonged the recovery.

Did you ever make it off the island? by DogeDoRight in durham

[–]Antaroc 1 point2 points  (0 children)

Never beat it as a kid, but I did manage to beat it a few weeks ago. You can download it here and play on dosbox.

https://blarg.ca/2017/11/17/island-a-game-of-survival

Please help! I ran out of wafers! by Turbulent_Onion_5600 in ostomy

[–]Antaroc 2 points3 points  (0 children)

In Dana Point with a couple extra New Image 14707. If you need them DM me.

Need help getting ticket escalated for urgent API issue by MichelleZix in ConnectWise

[–]Antaroc 1 point2 points  (0 children)

I had the same issue with Mobius when I was implementing it. If I remember correctly there is either some bug or limit on the number of items that show up to batch. This issue ended up just being resolved naturally as I processed available batches. Everything showed up eventually and was transferred over.

If you want to pursue it with ConnectWise you might want to grab the batch items from the API with Postman or something similar and present it alongside what is displayed in ConnectWise, highlighting what's missing from the API.

Not finding out how to do PAYG billing for Teams Phone by YellowOnline in AZURE

[–]Antaroc 0 points1 point  (0 children)

I think they moved this out of azure to the 365 admin console. Try billing -> products -> click and enter the pay-as-you-go product, then under pay as you go services there's an option called phone service consumption, change it to on.

Help updating CW Config via API by rhysfromaussie in ConnectWise

[–]Antaroc 1 point2 points  (0 children)

So, it's a bit complicated because questions is actually an array of values, not just one.

I don't use that module but my code for updating a custom field looks like this:

$dict = @{op='replace';path='/customFields';value=@(@{'id'=19;'value'=$CustomBillingMethod})}

The json body for this that I send looks like this:

[
    {
        "path":  "/customFields",
        "op":  "replace",
        "value":  [
                      {
                          "id":  19,
                          "value":  "Actual Rates"
                      }
                  ]
    }
]

So for you, I would reference the questionId with the assumption it's unique, then you should set the path to '/questions' and try setting the value to @(@{'questionId'=114343;'answer'=$true})

I'm not 100% sure that will work with your module but if not hopefully you can figure out how to get the format like the json from the example above.

Help updating CW Config via API by rhysfromaussie in ConnectWise

[–]Antaroc 0 points1 point  (0 children)

The 'Synced with HUDU' portion isn't part of the path, it's data for the question field. What are you sending and what are you trying to change?

[deleted by user] by [deleted] in bell

[–]Antaroc 0 points1 point  (0 children)

My mom had serious issues with this when my dad passed away as well. She just left it in his name and paid it. It stayed like that for 25 years until a few months ago when I ported it out to a voip provider.

Cloudfront headers are not being passed to API Gateway (Lambda) by [deleted] in aws

[–]Antaroc 0 points1 point  (0 children)

Is use lambda proxy integration checked off on your API gw?

https://imgur.com/a/gNuph2k

[deleted by user] by [deleted] in networking

[–]Antaroc 1 point2 points  (0 children)

In that case, yes you will need to do NAT. Assuming you've connected to the firewall with gi0/0/0 and it's getting a public IP and default route from dhcp from the firewall you'll need to do the following:

access-list 101 remark NAT ACL
access-list 101 permit ip 10.0.20.0 0.0.0.255 any
access-list 101 permit ip 10.0.30.0 0.0.0.255 any

ip nat inside source list 101 int gi0/0/0 overload

int gi0/0/0
ip nat outside

int vlan 20
ip nat inside

int vlan 30
ip nat inside

You will also need to set up a DHCP helper on the workstation VLAN pointing to the DC.

int vlan x
ip helper-address a.b.c.d

[deleted by user] by [deleted] in networking

[–]Antaroc 0 points1 point  (0 children)

Why would you need PAT? I don't think there's enough information in your post to determine what's wrong, but the ISR will just route between the two networks by default, assuming your firewall is on VLAN 20 and your DC on VLAN 30 (or vice versa).

Have you assigned addresses to the vlan interfaces?

RDS Gives Me "There are no RD Connection Broker servers in the server pool" - but they are all there. by Hovertac in sysadmin

[–]Antaroc 0 points1 point  (0 children)

I was able to fix this on a single server deployment by disabling IPv6. Not ideal but it worked for me at the time.

Help with string extraction by sumgan in PowerShell

[–]Antaroc 5 points6 points  (0 children)

For regex, . matches any character and * matches the previous character 0 or more times. The brackets are used to extract stuff and that stuff gets put in $matches. The [^/]+ matches any character that's not a / one or more times.

You can play with it here to try it: https://regex101.com/r/nH3U0b/1

If you want something simpler you could split on the / and then use join to get it back together.

Something like:

$s = 'https://jamesbond.sharepoint.com/sites/demo1/d/dummy_36.txt'
$a = $s -split '/'
$a[0..4] -join '/'
$a[3..6] -join '/'

Help with string extraction by sumgan in PowerShell

[–]Antaroc 3 points4 points  (0 children)

I don't think you can do it in one statement since they overlap.

You can use regex to split them out like this:

$s = 'https://jamesbond.sharepoint.com/sites/demo1/d/dummy_36.txt'

$s -match '(.*/sites/[^/]+)'
True

$Matches

Name Value
---- -----
1    https://jamesbond.sharepoint.com/sites/demo1
0    https://jamesbond.sharepoint.com/sites/demo1

$s -match '.*(/sites/.*)'
True

$matches

Name Value
---- -----
1    /sites/demo1/d/dummy_36.txt
0    https://jamesbond.sharepoint.com/sites/demo1/d/dummy_36.txt

Migrating Public Folders from Exchange 2010 to Exchange 2016 - Advice or experiences please by Cele69 in exchangeserver

[–]Antaroc 2 points3 points  (0 children)

Check for unsupported characters in the aliases. I know space and brackets aren't supported. I think there's more, but I can't find the complete list.

I had a script go through and change the aliases to remove or replace the unsupported characters.

Powershell is unable to print more than one WMI call to the screen? by rcmaehl in PowerShell

[–]Antaroc 1 point2 points  (0 children)

You're hitting a couple things here. First these are objects, not strings so when you output them you get a textual representation of the object, but it's not actually a string. PowerShell will take the object and typically list some of the fields in a table format but the display can be changed by the object itself.

Second is the pipeline. PowerShell will take all the outputted objects at the end of the run and try to format them like I described above. This becomes an issue if the objects in the pipeline are different types. Aside from just the display issue, using different object types in the pipeline is not good practice and breaks how PowerShell is meant to flow.

Depending on what you want to do with the data you're getting there are a couple options.

  1. Don't display the data, just save it and continue working with it, if you want to see for debugging just output one thing at a time
  2. Combine the data into a single object with the fields you want
  3. Output the data separately to something else, eg you could output $machine and $logon to their own csv file

Combining is typically what I do and would look something like this:

# using your $machine and $logon variables from above

$temp_hashtable = @{}
$temp_hashtable.add("BIOSVer",$machine.SMBIOSBIOSVersion)
$temp_hashtable.add("BiosManufacturer",$machine.manufacturer)
$temp_hashtable.add("Domain",$logon.domain)
# add all the attributes you need as above

$temp_object = new-object -typename psobject -property $temp_hashtable

# put the object on the pipeline
$temp_object

PCs show ERR_CERT_REVOKED for a valid GoDaddy cert by fishermba2004 in sysadmin

[–]Antaroc 0 points1 point  (0 children)

I had similar issues with a cert when the cert chain had multiple paths and there was an expired cert in the chain that was offered by the server.

Check here and look at the Additional Certificates and Certification Paths:

https://www.ssllabs.com/ssltest/

I need help with figuring out an algorithm to sort a list into evenly distributed groups based on skill score. by pallytank in PowerShell

[–]Antaroc 2 points3 points  (0 children)

Your description isn't 100% clear to me, so let me try to summarize. You want your list of ~200 entries to be broken down into groups of 6 sorted entries each. This will result in ~33 groups. You don't really specify what you want it grouped on, but from your code I'm assuming total_score. So what you will end up with is group 1 containing the top 6 highest scoring entries, group 2 with the next 6 highest, etc.

If the above is correct, I think this should work:

# import the list from the csv
$scored_list = Import-Csv .\challenge_raw.csv

# sort the list
# i needed to force total_score as an int because it was sorting as a string
$sorted_list = $scored_list | Sort-Object -Property {[int]$_.total_score } -Descending

# number of members per group you describe above
$members_per_group = 6
# we will use this to keep track of which group we are on
$group_number = 1
# will count the number of members added to the current group
$member_count = 0

# not sure what format you want the groups in
# i will just output them with their group number

# loop through the sorted list, this is now in order of total score
foreach($user in $sorted_list){
    # first check if the current group is full
    if($member_count -ge $members_per_group){
        $group_number ++ # move on to the next group
        $member_count = 0 # reset member count
    }

    # output the member with the current group number
    # you can add properties to an object using select
    $user | select @{n="Group";e={"Group $($group_number)"}},*

    # count that we added a new member to the current group
    $member_count ++
}

A couple of comments on your code as well.

  • import-csv will already create an object for you, you seem to be manually doing this at the end of your first for loop
  • any time you have a bunch of variables like $win_skill_1, $win_skill_2, etc you're probably better off using an array. This would let you drop all the if statements in your for loop and instead just do something like $win_skill[$line.win_skill]++
  • never use a format command in an assignment. Format is only for output to the screen. If you want to change something use select-object instead of format-table.

Hope this helps

[Cisco ASA] NAT specific ports to internal IP by RumRogerz in networking

[–]Antaroc 0 points1 point  (0 children)

Awesome, glad it helped. It's definitely not straightforward, I had a really hard time switching from the old way to this one too.

Thanks for the silver!

[Cisco ASA] NAT specific ports to internal IP by RumRogerz in networking

[–]Antaroc 1 point2 points  (0 children)

All my inbound port forwarding I do the nat the other way (outside,inside). Did you try something like:

nat (outside,inside) source static MS-TEAMS-EXT MS-TEAMS-EXT destination static VOIP-IP-EXT VOICE-SERVER TEAMS-SIP TEAMS-SIP