You are here
SEC0226 - ASA Firepower 6.0 URL and DNS Security Intelligence (Part 1)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video introduces you to the concept of URL and DNS Security Intelligence on ASA Firepower 6.0. Unlike their predecessor, Network-based SI that monitor traffic at the IP address level, URL and DNS SI allow or deny traffic based on URL and DNS requests. We will go through some lab exercise of configuring both static and dynamic feed. We will also demonstrate an ability to have Firepower intercept and redirect DNS request to a sinkhole target.
Part 1 of this video covers configuration and testing of URL Security Intelligence
Topic:
-
URL Security Intelligence
- Static BlackList and Whitelist
- Custom Dynamic URL Feed
- Cisco Dynamic URL Feed
-
DNS Security Intelligence
- Static BlackList and Whitelist
- Custom Dynamic DNS Feed
- Cisco Dynamic URL Feed
- Access Policies
- DNS Sinkhole
2 comments
URL or DNS
What's really the main difference between URL and DNS blacklisting? Can't one replace the other?
URL or DNS
They are actually different. URL inspection is based on web traffic and DNS inspection is based on DNS lookup. Technically, if DNS is blocked, there should be no web traffic follows but in case DNS is not blocked just becuase for some reason the FW did not see it, the web traffic cna still be blocked.