Tag Archives: firepower

Using Geolocation in Firepower Access Control Policies

The use of geolocation is fairly obvious in monitoring networks with Firepower Management Center. What may be less obvious is that Continents and Countries can also be specified as the source or destination of connections in an Access Control Policy. …


Capture w/Trace in Firepower Threat Defense

A few days ago I wrote an article demonstrating the Packet Tracer feature for troubleshooting Firepower Threat Defense. Another very cool tool for troubleshooting is the Capture w/Trace Feature. The power of this tool comes from both capturing a PCAP file …


What is FlexConfig in Firepower Threat Defense?

Earlier this year, Cisco released Firepower 6.2.0. With that release came a feature called FlexConfig. Someone digging around the UI might not initially understand the purpose or function of this configuration option. A really quick answer to this is that …


Packet Tracer in Firepower Threat Defense

I wanted to share a quick post on a feature that I have found incredibly useful on the ASA and has been extended to Firepower Threat Defense. The feature is called Packet Tracer and is an easy way to apply …


Creating a Firepower Peer to Peer Dashboard

Peer to peer applications are a significant challenge for policy enforcement solutions. Any flows that slip through as an undetermined application type may allow the file sharing app to function. The first key to addressing this challenge is simple visibility …


Firepower Access Control Policies

The Firepower ecosystem is a powerful NGIPS/NGFW solution. At the heart of the configuration construct is what is known as the Access Control Policy. Comparing this to something familiar is possible by thinking about the much simpler filtering feature in the …


Firepower Indications of Compromise

Several days ago I wrote an article about Firepower Sinkhole rules. While I was confirming this in a lab, I temporarily created a custom DNS sinkhole rule. That rule classified requests for temp.packetu.com as Command and Control and returned an IP address …


Firepower Threat Defense — DNS Sinkholing

A few days ago I wrote an article that described Firepower DNS Policies. One item that probably warrants a little more discussion is DNS Sinkholing. Although the title of this article indicates Firepower Threat Defense, this will also work with Firepower …


Understanding Firepower DNS Policies

One cool feature added with Firepower version 6 is probably best described as DNS-based Security Intelligence, Inspection and Sinkholing. The thought is pretty simple. If a host issues a DNS request for a host that is known to be malicious, …


Manual URL Filtering in Firepower

A few days ago, someone asked me the following two questions: Is a URL filtering license required to manually filter sites in Firepower? Are wildcards supported as filtering criteria? The short answer to the first question is simply no. There …


Accessing ASA CLI in Firepower Threat Defence

I’ve recently loaded Firepower Threat Defense on an ASA5525 for my home Internet firewall. For those unfamiliar with FTD, it is basically a combination of critical ASA features and all of the Cisco Firepower features in a single image and …


VLAN Bridging with FirePOWER

Although not immediately obvious, the FirePOWER Series 3 devices can do a form of IPS on a stick. This means that the capability described here should be available to the current appliance versions of the FirePOWER managed devices. The premise involves …
