Tag Archives: firepower

Creating a Firepower Peer to Peer Dashboard

Peer to peer applications are a significant challenge for policy enforcement solutions. Any flows that slip through as an undetermined application type may allow the file sharing app to function. The first key to addressing this challenge is simple visibility …

Firepower Access Control Policies

The Firepower ecosystem is a powerful NGIPS/NGFW solution. At the heart of the configuration construct is what is known as the Access Control Policy. Comparing this to something familiar is possible by thinking about the much simpler filtering feature in the …

Firepower Indications of Compromise

Several days ago I wrote an article about Firepower Sinkhole rules. While I was confirming this in a lab, I temporarily created a custom DNS sinkhole rule. That rule classified requests for temp.packetu.com as Command and Control and returned an IP address …

Firepower Threat Defense — DNS Sinkholing

A few days ago I wrote an article that described Firepower DNS Policies. One item that probably warrants a little more discussion is DNS Sinkholing. Although the title of this article indicates Firepower Threat Defense, this will also work with Firepower …

Understanding Firepower DNS Policies

One cool feature added with Firepower version 6 is probably best described as DNS-based Security Intelligence, Inspection and Sinkholing. The thought is pretty simple. If a host issues a DNS request for a host that is known to be malicious, …

Manual URL Filtering in Firepower

A few days ago, someone asked me the following two questions: Is a URL filtering license required to manually filter sites in Firepower? Are wildcards supported as filtering criteria? The short answer to the first question is simply no. There …

Accessing ASA CLI in Firepower Threat Defence

I’ve recently loaded Firepower Threat Defense on an ASA5525 for my home Internet firewall. For those unfamiliar with FTD, it is basically a combination of critical ASA features and all of the Cisco Firepower features in a single image and …

VLAN Bridging with FirePOWER

Although not immediately obvious, the FirePOWER Series 3 devices can do a form of IPS on a stick. This means that the capability described here should be available to the current appliance versions of the FirePOWER managed devices. The premise involves …

Getting the Sourcefire Firepower VM working Inline

The Sourcefire NGIPS/NGFW solution is a way to quickly get some interesting information about traffic on a network. One of the things I like about the solution is that actionable information is almost immediately available after deployment. There are five deployment …