View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0226 - ASA Firepower 6.0 URL and DNS Security Intelligence (Part 1)

Rating: 
5
Average: 5 (4 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
The video introduces you to the concept of URL and DNS Security Intelligence on ASA Firepower 6.0. Unlike their predecessor, Network-based SI that monitor traffic at the IP address level, URL and DNS SI allow or deny traffic based on URL and DNS requests. We will go through some lab exercise of configuring both static and dynamic feed. We will also demonstrate an ability to have Firepower intercept and redirect DNS request to a sinkhole target.
 
Part 1 of this video covers configuration and testing of URL Security Intelligence
 
Topic:
  • URL Security Intelligence
    • Static BlackList and Whitelist
    • Custom Dynamic URL Feed
    • Cisco Dynamic URL Feed
  • DNS Security Intelligence
    • Static BlackList and Whitelist
    • Custom Dynamic DNS Feed
    • Cisco Dynamic URL Feed
  • Access Policies
  • DNS Sinkhole

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

2 comments

What's really the main difference between URL and DNS blacklisting? Can't one replace the other?

They are actually different. URL inspection is based on web traffic and DNS inspection is based on DNS lookup. Technically, if DNS is blocked, there should be no web traffic follows but in case DNS is not blocked just becuase for some reason the FW did not see it, the web traffic cna still be blocked.