View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0243 - FTD 6.1 Prefilter Policy (Part 3)

SEC0243 - FTD 6.1 Prefilter Policy (Part 3)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video introduces you to Pre-filter policy on Cisco FTD 6.1. We will demonstrate how prefilter policy can be used in addition to a regular access control rule to allow (Fastpath) or drop traffic and prevent them from further processing. The second half of the videos takes you through another feature called Tunnel Rule that allows FTD to analyze unencrypted tunnel traffic.
 
Part 3 of this video covers prefilter policy with Tunnel rule
 
Topic:
  • Prefilter Policy
    • Fastpath, Block, Analyze
  • Access Control Policy
  • GRE Tunnel
  • Tunnel Rule 
  • Zone Reassignment
Tag: 
asa
firepower
sourcefire
ngfw
ftd
prefilter
acl
tunnel
gre
fastpath

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

4 comments

Submitted by eraj on Mon, 01/08/2018 - 10:41

Hey Metha, Thank you very much for great video mentors. Got a question and unfortunately could not resolve with TAC engineers too. Somehow the FTD blocks the traffic for PPTP after when it starts validating user credentials. I can connect the PPTPD server within the subnet but can't get it behind the firewall. Do you have any idea what to look at?

Thanks
Eraj

Submitted by admin on Wed, 01/10/2018 - 19:47

First of all, does PPTP works without FTD? If so, do you have both TCP/1723 and GRE allowed on FTD? Do you see anything else being blocked on event log? Try to disable all inspection as well.

Submitted by eraj on Thu, 01/11/2018 - 11:15

Thanks for your reply. Yes, it does work and connects to a computer on the same subnet my PPTPD is located but does not allow even from the other interface regardless of outside or inside. I allowed TCP/1723 and does not have any prefiltered rules that could block GRE and by default it is allowed I assume. I have a few inspections but:
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp error
inspect ip-options UM_STATIC_IP_OPTIONS_MAP
inspect icmp
class class-default
set connection advanced-options UM_STATIC_TCP_MAP

As you see PPTP is not among them. It is giving error 619 after verifying username and password. I had similar issue with ASA but there inspection of PPTP resolved ther issue. Any other thoughts how I might resolve it?

Thanks

Submitted by admin on Sat, 01/13/2018 - 02:34

Can you allow GRE on Acccess Control Rule and see if that works? After that if you rather use inspection, you can try to use FlexConfig to insert the command.