You are here
SEC0167 - ASA FirePower Security Intelligence (Part 2)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video shows configuration of Security Intelligence feature on Cisco ASA FirePower. You will learn how to use Global Whitelist and Blacklist to allow or deny traffic to certain IP of your choice, and, better yet, how to leverage Cisco dynamic IP feed to drop traffic to destination deemed malicious.
Part 2 of this video goes through procedure of blocking traffic by leveraging the dynamic IP feed
Topic:
- Security Intelligence Object
- Global Whitelist and Blacklist
- Custom IP List
- Security Intelligence Feed and Categories
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
2 comments
Security Intelligence
Hello,
I am having trouble with my Security Intelligence. For some reason, it is not blocking or logging the traffic from this video. I have verified that the Malware and CnC components are in the blacklist, however, it does not detect them. If I add a site to the global blacklist manually, it blocks it. Please advice what might be wrong?
Thanks,
Mark
Security Intelligence
Regardless, the traffic should be logged. Are you logging the beginning or end of connection? One thing to keep in mind is the destination you are testing with may no longer be considered a part of Malware or CnC category especially those shown in the videos as the Security Intelligence DB gets often updated. You may need to search for new destination to test with.