SEC0164 - ASA FirePower Network Discovery (Host and Application) (Part 1)
Category:
Security
This video introduces the concept of Network Discovery on Cisco ASA FirePower, which is an essential component of building an intelligent security system. We will primarily focus on host and application discovery and will explain the differences between passive and active discovery. We will also look at how the discovered information is stored in a host profile and its significance.
Part 1 of this video goes through Discovery Policy configuration, Custom Topology, and Policy Settings.
Topic:
- Network Discovery with Host and Application
- Network Object
- Discovery Policy and Rules
- Custom Topology
- Passive Discovery and Host Profile
- Active Discovery with NMAP Scan
2 comments
FW_Access Control_ALL over again?
Metha, first of all congratulations and thank you for making such a brilliant resource like Lab Minutes available!
Question:
So when you talk about access control rules for Firepower, does this mean we are actually configuring all the Firewall ACL rules all over again? Because the FP module is in-line now and for it to inspect all the traffic, we need to do that right?
Please correct me if I am wrong. If I am correct, is there an easier way to export rules from the FW and import them in the FMC?
FW_Access Control_ALL over again?
With ASA FP, there is always a question of what to configure on ASA ACL and what to configure on the FP Access Control Policy. While it is sometimes possible to configure at either place, we do recommend configuring basic deny/allow using ASA ACL to cut down what gets sent to FP, and only using FP to perform application-level inspection. So if you already have ASA, you wouldn't really need to change ASA ACL to add FP module. To our knowledge, there is no tool to convert ASA ACL to FP policy today.