background preloader

FirePower

Facebook Twitter

Configure the SSL decryption on FirePOWER Module using ASDM (On-Box Management) Introduction This document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).

Configure the SSL decryption on FirePOWER Module using ASDM (On-Box Management)

Prerequisites Requirements. Configure the SSL decryption on FirePOWER Module using ASDM (On-Box Management) ASA FirePOWER Module User Guide for the ASA5506-X, ASA5506H-X, ASA5506W-X, ASA5508-X, and ASA5516-X, Version 5.4.1 - Importing and Exporting Configurations [Cisco Adaptive Security Device Manager] Importing and Exporting Configurations You can use the Import/Export feature to copy several types of configurations, including policies, from one appliance to another appliance of the same type.

ASA FirePOWER Module User Guide for the ASA5506-X, ASA5506H-X, ASA5506W-X, ASA5508-X, and ASA5516-X, Version 5.4.1 - Importing and Exporting Configurations [Cisco Adaptive Security Device Manager]

Configuration import and export is not intended as a backup tool, but can be used to simplify the process of adding new ASA FirePOWER modules. You can import and export the following configurations: access control policies and their associated network analysis and file policies intrusion policies system policies alert responses To import an exported configuration, both ASA FirePOWER modules must be running the same software version. For more information, see the following sections: Exporting Configurations License: Any You can export a single configuration, or you can export a set of configurations (of the same type or of different types) at once.

Configure the FirePOWER Module for Network AMP or File Control with ASDM. Introduction This document describes the Network Advanced Malware Protection (AMP)/file access control functionality of the FirePOWER module and the method to configure them with Adaptive Security Device Manager (ASDM).

Configure the FirePOWER Module for Network AMP or File Control with ASDM.

Prerequisites Requirements. ASA with FirePOWER Services Local Management Configuration Guide, Version 6.1.0 - Using ASA FirePOWER Reporting [Cisco ASA 5500-X with FirePOWER Services] Using ASA FirePOWER Reporting You can view reports on various time periods to analyze the traffic on your network.

ASA with FirePOWER Services Local Management Configuration Guide, Version 6.1.0 - Using ASA FirePOWER Reporting [Cisco ASA 5500-X with FirePOWER Services]

Reports aggregate information on various aspects of your network traffic. In most cases, you can drill down from general information to specific information. For example, you can view a report on all users, then view details about specific users. Overview and detail reports include multiple report components such as top policies and web categories. For more information, see: Understanding Available Reports. CLI Book 2: Cisco ASA Series Firewall CLI Configuration Guide, 9.5 - ASA FirePOWER Module [Cisco Adaptive Security Virtual Appliance (ASAv)]

Sourcefire Access Control Policies – Part One. Let me stress out one more time that this blog series is all about ASA5500-X with the SFR module.

Sourcefire Access Control Policies – Part One

Some things described here may be different for physical appliances. Now we have all installed and set up and we want to create our security policy. First of all, on Sourcefire we have tons of policies: access control policy, health policy, system policy, network discovery policy, intrusion prevention policy, … In this blog post we will deal with access control policy (ACP). So, what is access control policy? Well, it is what its name says: it controls the access through the SFR module. Before we redirect traffic from our ASA box, we should make sure that the right policy is applied to our SFR module. Before we proceed, here is our simple lab topology: Our ASA has the SFR module and runs in transparent mode. For this lab, we allow all L2/L3 traffic to pass through the ASA, because ACLs on ASA is not what this blog is all about.

Cisco Adaptive Security Device Manager - Configuration Guides. ASDM Book 2: Cisco ASA Series Firewall ASDM Configuration Guide, 7.6. ASA FirePOWER Module User Guide for the ASA5506-X, ASA5506H-X, ASA5506W-X, ASA5508-X, and ASA5516-X, Version 5.4.1 - Using ASA FirePOWER Reporting [Cisco Adaptive Security Device Manager] KB0001107 - ASA 5505-X / 5508-X Setup FirePOWER Services (for ASDM) Problem Both the 5506-X (rugged version and wireless), and 5508-X now come with a FirePOWER services module inside them.

KB0001107 - ASA 5505-X / 5508-X Setup FirePOWER Services (for ASDM)

This can be managed from either ASDM* (with OS and ASDM upgraded to the latest version), and via the FireSIGHT management software/appliance. Related Articles, References, Credits, or External Links. My Network Security Journal: ASA FirePower Basic Configuration. I've posted my first hands-on experience with the ASA FirePower module after I was sent for training a few months ago.

My Network Security Journal: ASA FirePower Basic Configuration

Our Cisco account manager was generous in providing me the hardware needed for my proof-of-concept (POC) in our office. Since my one-day training wasn't enough, I've used the videos found in Lab Minutes website to help with my POC. Cisco also released a free virtual FireSight demo website, which is still accessible as of this writing, where you can play around its policies all day long. The username is dcloud and 23083 for the password. . Configure and Manage ASA FirePOWER Module using ASDM Part 3. As mentioned previously, there are two ways to configure and manage ASA FirePOWER module using ASDM and FirePOWER Management Center.

Configure and Manage ASA FirePOWER Module using ASDM Part 3

We’ll cover in both options. Internet Edge Security: Migrating from CX to SourceFIRE. Upgrade Process to migrate from the CX Module to SourceFIRE (SFR) Two files makeup the SourceFIRE Boot Image and SourceFIRE Software.

Internet Edge Security: Migrating from CX to SourceFIRE

Example as follows: asasfr-5500x-boot-5.3.1-152.img asasfr-sys-5.3.1-152.pkg 1. 2. 3. 4. Video: Security - ASA FirePower. Cisco Security Webinar: Cisco ASA with FirePOWER. LDAP Connection failed to AD throw Firesight. FireSIGHT URL Filtering using Sourcefire User Agent and LDAP AD. No lie, this one took me a while to figure out.

FireSIGHT URL Filtering using Sourcefire User Agent and LDAP AD

First, if you haven’t done so already, check out this article which clearly explains (with pictures!) How to accomplish this basic URL filtering without user awareness: URL Filtering on a FireSIGHT System Configuration Example If you only desire to filter based on something basic like networks, you’re all set. However, if you want to get more granular and start creating policies based on AD/LDAP group membership, this post is for you. Configure Active Directory Integration with Firepower Appliance for Single-Sign-On & Captive Portal Authentication.

Grant Minimum Permission to an Active Directory User Account Used by the Sourcefire User Agent. Introduction This document describes how to provide an Active Directory (AD) user with the minimal permissions needed to query the AD domain controller. The Sourcefire User Agent uses an AD user in order to query the AD domain controller. In order to perform a query, an AD user does not require any additional permissions. Prerequisites Requirements Cisco requires that you install the Sourcefire User Agent on a Microsoft Windows system and provide access to the AD domain controller. Components Used This document is not restricted to specific software and hardware versions. The information in this document was created from the devices in a specific lab environment.